CVE-2021-47089: kfence: fix memory leak when cat kfence objects
First published: Mon Mar 04 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 (size 248): comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s) hex dump (first 32 bytes): 00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: seq_open+0x2a/0x80 full_proxy_open+0x167/0x1e0 do_dentry_open+0x1e1/0x3a0 path_openat+0x961/0xa20 do_filp_open+0xae/0x120 do_sys_openat2+0x216/0x2f0 do_sys_open+0x57/0x80 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff93d419854000 (size 4096): comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s) hex dump (first 32 bytes): 6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0 30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda12- backtrace: seq_read_iter+0x313/0x440 seq_read+0x14b/0x1a0 full_proxy_read+0x56/0x80 vfs_read+0xa5/0x1b0 ksys_read+0xa0/0xf0 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 I find that we can easily reproduce this problem with the following commands: cat /sys/kernel/debug/kfence/objects echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak The leaked memory is allocated in the stack below: do_syscall_64 do_sys_open do_dentry_open full_proxy_open seq_open ---> alloc seq_file vfs_read full_proxy_read seq_read seq_read_iter traverse ---> alloc seq_buf And it should have been released in the following process: do_syscall_64 syscall_exit_to_user_mode exit_to_user_mode_prepare task_work_run ____fput __fput full_proxy_release ---> free here However, the release function corresponding to file_operations is not implemented in kfence. As a result, a memory leak occurs. Therefore, the solution to this problem is to implement the corresponding release function.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=5.12<5.15.12 | |
| Linux Kernel | =5.16-rc1 | |
| Linux Kernel | =5.16-rc2 | |
| Linux Kernel | =5.16-rc3 | |
| Linux Kernel | =5.16-rc4 | |
| Linux Kernel | =5.16-rc5 | |
| Linux Kernel | =5.16-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-47089?
CVE-2021-47089 has been rated as a medium severity vulnerability.
How do I fix CVE-2021-47089?
To fix CVE-2021-47089, you should apply the latest updates provided by your Linux distribution that addresses this vulnerability.
What systems are affected by CVE-2021-47089?
CVE-2021-47089 affects confirmed versions of the Linux Kernel.
What is the nature of the vulnerability in CVE-2021-47089?
CVE-2021-47089 is a memory leak vulnerability occurring in the kfence memory management functionality of the Linux kernel.
Has CVE-2021-47089 been patched?
Yes, CVE-2021-47089 has been addressed and patched in subsequent updates to the Linux kernel.
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.12
- version/linux kernel/5.16-rc1
- version/linux kernel/5.16-rc2
- version/linux kernel/5.16-rc3
- version/linux kernel/5.16-rc4
- version/linux kernel/5.16-rc5
- version/linux kernel/5.16-rc6