#VU90019 Memory leak in Linux kernel - CVE-2021-47104

Vulnerability identifier: #VU90019

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47104

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
http://git.kernel.org/stable/c/1ced0a3015a95c6a6db45e37250912c4c86697ab
http://git.kernel.org/stable/c/76b648063eb36c72dfc0a6896de8a0a7d2c7841c
http://git.kernel.org/stable/c/d53456492b5d02033c73dfa0f3b94c86337791ba
http://git.kernel.org/stable/c/0aaec9c5f60754b56f84460ea439b8c5e91f4caa
http://git.kernel.org/stable/c/79dcbd8176152b860028b62f81a635d987365752
http://git.kernel.org/stable/c/7cf6466e00a77b0a914b7b2c28a1fc7947d55e59
http://git.kernel.org/stable/c/aefcc25f3a0cd28a87d11d41d30419a12cd26a34
http://git.kernel.org/stable/c/bee90911e0138c76ee67458ac0d58b38a3190f65

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.