SB2024053068 - Memory leak in Linux kernel core driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2021-47345)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cma_resolve_ib_route() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b
• https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a
• https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8
• https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f
• https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972
• https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6
• https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939
• https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac
• https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.240
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133