CVE-2021-47537

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak bug was found in the rvu mbox init() function, where mbox regions is not freed or passed out under the switch-default region. This bug was identified by a static analyzer using differential checking to detect inconsistent security operations between two code paths. The analysis confirmed that the inconsistent operations are not recovered in the current function or its callers, constituting a bug. The bug can be fixed by changing 'return err' to 'goto free regions'. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.