Memory leak in Linux kernel block driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47319 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU89958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47319
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtblk_freeze() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.14 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a
https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c
https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815
https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f
https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358
https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0
https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae
https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710
https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.240
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.276
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.19
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.134
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
