What is the severity of CVE-2021-47537?

CVE-2021-47537 is classified as a medium severity vulnerability due to the potential for memory leaks.

How do I fix CVE-2021-47537?

To fix CVE-2021-47537, update the Linux kernel to a version after 5.15.7 or apply the specific patch provided in the kernel updates.

What systems are affected by CVE-2021-47537?

CVE-2021-47537 affects versions of the Linux kernel between 5.12 and 5.15.7.

What is the impact of CVE-2021-47537 on system performance?

The impact of CVE-2021-47537 is primarily related to increased memory usage, which may degrade system performance over time.

Is CVE-2021-47537 actively exploited in the wild?

As of now, there is no public evidence suggesting that CVE-2021-47537 is actively exploited in the wild.

Vulnerability/
CVE-2021-47537

medium

5.5

CWE

401

24/5/2024

19/12/2024

CVE-2021-47537: octeontx2-af: Fix a memleak bug in rvu_mbox_init()

First published: Fri May 24 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_OCTEONTX2_AF=y show no new warnings, and our static analyzer no longer warns about this code.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux kernel	>=5.12<5.15.7

Remedy

https://git.kernel.org/stable/c/1c0ddef45b7e3dbe3ed073695d20faa572b7056a

Remedy

https://git.kernel.org/stable/c/e07a097b4986afb8f925d0bb32612e1d3e88ce15

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-47537?
CVE-2021-47537 is classified as a medium severity vulnerability due to the potential for memory leaks.
How do I fix CVE-2021-47537?
To fix CVE-2021-47537, update the Linux kernel to a version after 5.15.7 or apply the specific patch provided in the kernel updates.
What systems are affected by CVE-2021-47537?
CVE-2021-47537 affects versions of the Linux kernel between 5.12 and 5.15.7.
What is the impact of CVE-2021-47537 on system performance?
The impact of CVE-2021-47537 is primarily related to increased memory usage, which may degrade system performance over time.
Is CVE-2021-47537 actively exploited in the wild?
As of now, there is no public evidence suggesting that CVE-2021-47537 is actively exploited in the wild.

agent/title
agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
agent/event
agent/severity
agent/weakness
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/5.12

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.