PT-2024-11370 · Linux+6 · Linux Kernel+6

Kaige Fu

Published

2021-09-22

Updated

2024-12-26

CVE-2021-47373

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential VPE leak on error has been resolved in the Linux kernel. The issue occurs in the its vpe irq domain alloc function when its vpe init() returns an error, causing an off-by-one in the number of VPEs to be freed. The fix involves passing the number of VPEs allocated, which is the index of the loop iterating over the VPEs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

BDU:2025-07520

CESA-2024_5101

CESA-2024_5102

CVE-2021-47373

INFSA-2024_5101

INFSA-2024_5102

OPENSUSE-SU-2024_2189-1

RHSA-2022:8267

RHSA-2022_8267

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:3189-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11370 · Linux+6 · Linux Kernel+6

CVE-2021-47373

Weakness Enumeration

Related Identifiers

Affected Products

References · 1967