PT-2024-11364 · Linux+2 · Linux Kernel+2

Jason Wang

·

Published

2021-09-19

·

Updated

2024-07-03

·

CVE-2021-47367

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the virtio-net component in the Linux kernel, where pages leak when building skb in big mode. This happens because the code tries to use build skb() when there is sufficient tailroom, but it forgets to release the unused pages chained via private in big mode, resulting in page leaks. The fix involves releasing the pages after building the skb in big mode.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-119

Related Identifiers

BDU:2025-07518
CVE-2021-47367
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Suse