{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-46956", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.937Z", "datePublished": "2024-02-27T18:46:58.101Z", "dateUpdated": "2026-05-11T13:45:10.978Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T13:45:10.978Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: fix memory leak in virtio_fs_probe()\n\nWhen accidentally passing twice the same tag to qemu, kmemleak ended up\nreporting a memory leak in virtiofs. Also, looking at the log I saw the\nfollowing error (that's when I realised the duplicated tag):\n\n virtiofs: probe of virtio5 failed with error -17\n\nHere's the kmemleak log for reference:\n\nunreferenced object 0xffff888103d47800 (size 1024):\n comm \"systemd-udevd\", pid 118, jiffies 4294893780 (age 18.340s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................\n backtrace:\n [<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs]\n [<00000000f8aca419>] virtio_dev_probe+0x15f/0x210\n [<000000004d6baf3c>] really_probe+0xea/0x430\n [<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0\n [<00000000196f47a7>] __driver_attach+0x98/0x140\n [<000000000b20601d>] bus_for_each_dev+0x7b/0xc0\n [<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0\n [<0000000032b09ba7>] driver_register+0x8f/0xe0\n [<00000000cdd55998>] 0xffffffffa002c013\n [<000000000ea196a2>] do_one_initcall+0x64/0x2e0\n [<0000000008f727ce>] do_init_module+0x5c/0x260\n [<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120\n [<00000000ad2f48c6>] do_syscall_64+0x33/0x40\n [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/virtio_fs.c"], "versions": [{"version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "310efc95c72c13faf855c692d19cd4d054d827c8", "status": "affected", "versionType": "git"}, {"version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "d19555ff225d0896a33246a49279e6d578095f15", "status": "affected", "versionType": "git"}, {"version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae", "status": "affected", "versionType": "git"}, {"version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "5116e79fc6e6725b8acdad8b7e928a83ab7b47e6", "status": "affected", "versionType": "git"}, {"version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "c79c5e0178922a9e092ec8fed026750f39dcaef4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fuse/virtio_fs.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.118", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.36", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.20", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.3", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.4.118"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.10.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.11.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.12.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"}, {"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"}, {"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"}, {"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"}, {"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"}], "title": "virtiofs: fix memory leak in virtio_fs_probe()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T19:29:39.801497Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:02.090Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.907Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.907Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T19:29:39.801497Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.997Z"}}], "cna": {"title": "virtiofs: fix memory leak in virtio_fs_probe()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "310efc95c72c13faf855c692d19cd4d054d827c8", "versionType": "git"}, {"status": "affected", "version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "d19555ff225d0896a33246a49279e6d578095f15", "versionType": "git"}, {"status": "affected", "version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae", "versionType": "git"}, {"status": "affected", "version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "5116e79fc6e6725b8acdad8b7e928a83ab7b47e6", "versionType": "git"}, {"status": "affected", "version": "a62a8ef9d97da23762a588592c8b8eb50a8deb6a", "lessThan": "c79c5e0178922a9e092ec8fed026750f39dcaef4", "versionType": "git"}], "programFiles": ["fs/fuse/virtio_fs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4"}, {"status": "unaffected", "version": "0", "lessThan": "5.4", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.118", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.36", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.20", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.3", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/fuse/virtio_fs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"}, {"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"}, {"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"}, {"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"}, {"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: fix memory leak in virtio_fs_probe()\n\nWhen accidentally passing twice the same tag to qemu, kmemleak ended up\nreporting a memory leak in virtiofs. Also, looking at the log I saw the\nfollowing error (that's when I realised the duplicated tag):\n\n virtiofs: probe of virtio5 failed with error -17\n\nHere's the kmemleak log for reference:\n\nunreferenced object 0xffff888103d47800 (size 1024):\n comm \"systemd-udevd\", pid 118, jiffies 4294893780 (age 18.340s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................\n backtrace:\n [<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs]\n [<00000000f8aca419>] virtio_dev_probe+0x15f/0x210\n [<000000004d6baf3c>] really_probe+0xea/0x430\n [<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0\n [<00000000196f47a7>] __driver_attach+0x98/0x140\n [<000000000b20601d>] bus_for_each_dev+0x7b/0xc0\n [<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0\n [<0000000032b09ba7>] driver_register+0x8f/0xe0\n [<00000000cdd55998>] 0xffffffffa002c013\n [<000000000ea196a2>] do_one_initcall+0x64/0x2e0\n [<0000000008f727ce>] do_init_module+0x5c/0x260\n [<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120\n [<00000000ad2f48c6>] do_syscall_64+0x33/0x40\n [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.118", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.36", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.20", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.3", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "5.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T13:45:10.978Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46956", "state": "PUBLISHED", "dateUpdated": "2026-05-11T13:45:10.978Z", "dateReserved": "2024-02-27T18:42:55.937Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T18:46:58.101Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "45C90F78-15A8-452F-AA7D-00A762FDEFE7", "versionEndExcluding": "5.4.118", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "003E22D0-CA29-4338-8B35-0754C740074F", "versionEndExcluding": "5.10.36", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111", "versionEndExcluding": "5.11.20", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32", "versionEndExcluding": "5.12.3", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: fix memory leak in virtio_fs_probe()\n\nWhen accidentally passing twice the same tag to qemu, kmemleak ended up\nreporting a memory leak in virtiofs. Also, looking at the log I saw the\nfollowing error (that's when I realised the duplicated tag):\n\n virtiofs: probe of virtio5 failed with error -17\n\nHere's the kmemleak log for reference:\n\nunreferenced object 0xffff888103d47800 (size 1024):\n comm \"systemd-udevd\", pid 118, jiffies 4294893780 (age 18.340s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................\n backtrace:\n [<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs]\n [<00000000f8aca419>] virtio_dev_probe+0x15f/0x210\n [<000000004d6baf3c>] really_probe+0xea/0x430\n [<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0\n [<00000000196f47a7>] __driver_attach+0x98/0x140\n [<000000000b20601d>] bus_for_each_dev+0x7b/0xc0\n [<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0\n [<0000000032b09ba7>] driver_register+0x8f/0xe0\n [<00000000cdd55998>] 0xffffffffa002c013\n [<000000000ea196a2>] do_one_initcall+0x64/0x2e0\n [<0000000008f727ce>] do_init_module+0x5c/0x260\n [<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120\n [<00000000ad2f48c6>] do_syscall_64+0x33/0x40\n [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: virtiofs: corrige p\u00e9rdida de memoria en virtio_fs_probe() Al pasar accidentalmente dos veces la misma etiqueta a qemu, kmemleak termin\u00f3 reportando una p\u00e9rdida de memoria en virtiofs. Adem\u00e1s, mirando el registro vi el siguiente error (fue entonces cuando me di cuenta de la etiqueta duplicada): virtiofs: la sonda de virtio5 fall\u00f3 con el error -17 Aqu\u00ed est\u00e1 el registro kmemleak como referencia: objeto sin referencia 0xffff888103d47800 (tama\u00f1o 1024): comm \"systemd- udevd\", pid 118, jiffies 4294893780 (edad 18.340 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 ......N....... ... ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................ rastreo: [&lt;000000000ebb87c1&gt;] virtio_fs_probe+0x171/0x7ae [virtiofs] [&lt;00000000f8aca419&gt;] virtio_dev_probe+0x15f/0x210 [&lt;000000004d6baf3c&gt;] very_probe+0xea/0x430 [&lt;00000000a6ceeac8&gt;] device_driver_attach+0xa8/0xb0 [&lt;00000000196f47a7 &gt;] __driver_attach+0x98/0x140 [&lt;000000000b20601d&gt;] bus_for_each_dev+0x7b/0xc0 [&lt;00000000399c7b7f&gt;] bus_add_driver+0x11b/0x1f0 [&lt;0000000032b09ba7&gt;] driver_register+0x8f/0xe0 [&lt;00000000cdd55998&gt;] 0xffffffffa002c013 [&lt;000000000ea196a2&gt; ] do_one_initcall+0x64/0x2e0 [&lt;0000000008f727ce&gt;] do_init_module+0x5c/0x260 [&lt;000000003cdedab6&gt; ] __do_sys_finit_module+0xb5/0x120 [&lt;00000000ad2f48c6&gt;] do_syscall_64+0x33/0x40 [&lt;00000000809526b5&gt;] Entry_SYSCALL_64_after_hwframe+0x44/0xae "}], "id": "CVE-2021-46956", "lastModified": "2024-12-06T17:54:34.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T19:04:06.717", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: virtiofs: fix memory leak in virtio_fs_probe()", "id": "2266466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266466"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvirtiofs: fix memory leak in virtio_fs_probe()\nWhen accidentally passing twice the same tag to qemu, kmemleak ended up\nreporting a memory leak in virtiofs. Also, looking at the log I saw the\nfollowing error (that's when I realised the duplicated tag):\nvirtiofs: probe of virtio5 failed with error -17\nHere's the kmemleak log for reference:\nunreferenced object 0xffff888103d47800 (size 1024):\ncomm \"systemd-udevd\", pid 118, jiffies 4294893780 (age 18.340s)\nhex dump (first 32 bytes):\n00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\nff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................\nbacktrace:\n[<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs]\n[<00000000f8aca419>] virtio_dev_probe+0x15f/0x210\n[<000000004d6baf3c>] really_probe+0xea/0x430\n[<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0\n[<00000000196f47a7>] __driver_attach+0x98/0x140\n[<000000000b20601d>] bus_for_each_dev+0x7b/0xc0\n[<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0\n[<0000000032b09ba7>] driver_register+0x8f/0xe0\n[<00000000cdd55998>] 0xffffffffa002c013\n[<000000000ea196a2>] do_one_initcall+0x64/0x2e0\n[<0000000008f727ce>] do_init_module+0x5c/0x260\n[<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120\n[<00000000ad2f48c6>] do_syscall_64+0x33/0x40\n[<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae"], "name": "CVE-2021-46956", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46956\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46956\nhttps://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/T/#u"], "threat_severity": "Low"}

{}