PT-2024-11306 · Linux+2 · Linux Kernel+2

Published

2021-06-24

Updated

2024-06-24

CVE-2021-47305

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a fence leak in the dma-buf/sync file component of the Linux kernel. Each add fence() call performs a dma fence get() on the relevant fence, but in the error path, dma fence put() was not being called, resulting in leaked fences. Additionally, in the krealloc array failure case, the fences array was not being freed. To resolve this, it is ensured that i and fences are always zero-initialized, and dma fence put() is called on all fences, and kfree(fences) is performed on every error path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-402CWE-617

Related Identifiers

BDU:2025-14609

CVE-2021-47305

OPENSUSE-SU-2024_2185-1

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11306 · Linux+2 · Linux Kernel+2

CVE-2021-47305

Weakness Enumeration

Related Identifiers

Affected Products

References · 673