CVE-2021-47292 (GCVE-0-2021-47292)

Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:51
VLAI
Title
io_uring: fix memleak in io_init_wq_offload()
Summary
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... backtrace: [<000000001974933b>] kmalloc include/linux/slab.h:591 [inline] [<000000001974933b>] kzalloc include/linux/slab.h:721 [inline] [<000000001974933b>] io_init_wq_offload fs/io_uring.c:7920 [inline] [<000000001974933b>] io_uring_alloc_task_context+0x466/0x640 fs/io_uring.c:7955 [<0000000039d0800d>] __io_uring_add_tctx_node+0x256/0x360 fs/io_uring.c:9016 [<000000008482e78c>] io_uring_add_tctx_node fs/io_uring.c:9052 [inline] [<000000008482e78c>] __do_sys_io_uring_enter fs/io_uring.c:9354 [inline] [<000000008482e78c>] __se_sys_io_uring_enter fs/io_uring.c:9301 [inline] [<000000008482e78c>] __x64_sys_io_uring_enter+0xabc/0xc20 fs/io_uring.c:9301 [<00000000b875f18f>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<00000000b875f18f>] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 [<000000006b0a8484>] entry_SYSCALL_64_after_hwframe+0x44/0xae CPU0 CPU1 io_uring_enter io_uring_enter io_uring_add_tctx_node io_uring_add_tctx_node __io_uring_add_tctx_node __io_uring_add_tctx_node io_uring_alloc_task_context io_uring_alloc_task_context io_init_wq_offload io_init_wq_offload hash = kzalloc hash = kzalloc ctx->hash_map = hash ctx->hash_map = hash <- one of the hash is leaked When calling io_uring_enter() in parallel, the 'hash_map' will be leaked, add uring_lock to protect 'hash_map'.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: e941894eae31b52f0fd9bdb3ce20620afa152f45 , < 502731a03f27cba1513fbbff77e508185ffce5bb (git)
Affected: e941894eae31b52f0fd9bdb3ce20620afa152f45 , < 362a9e65289284f36403058eea2462d0330c1f24 (git)
Create a notification for this product.
Linux Linux Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.13.6 , ≤ 5.13.* (semver)
Unaffected: 5.14 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:37:42.631775Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:39:15.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:08.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/502731a03f27cba1513fbbff77e508185ffce5bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/362a9e65289284f36403058eea2462d0330c1f24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/io_uring.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "502731a03f27cba1513fbbff77e508185ffce5bb",
              "status": "affected",
              "version": "e941894eae31b52f0fd9bdb3ce20620afa152f45",
              "versionType": "git"
            },
            {
              "lessThan": "362a9e65289284f36403058eea2462d0330c1f24",
              "status": "affected",
              "version": "e941894eae31b52f0fd9bdb3ce20620afa152f45",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/io_uring.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.13.*",
              "status": "unaffected",
              "version": "5.13.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13.6",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix memleak in io_init_wq_offload()\n\nI got memory leak report when doing fuzz test:\n\nBUG: memory leak\nunreferenced object 0xffff888107310a80 (size 96):\ncomm \"syz-executor.6\", pid 4610, jiffies 4295140240 (age 20.135s)\nhex dump (first 32 bytes):\n01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\nbacktrace:\n[\u003c000000001974933b\u003e] kmalloc include/linux/slab.h:591 [inline]\n[\u003c000000001974933b\u003e] kzalloc include/linux/slab.h:721 [inline]\n[\u003c000000001974933b\u003e] io_init_wq_offload fs/io_uring.c:7920 [inline]\n[\u003c000000001974933b\u003e] io_uring_alloc_task_context+0x466/0x640 fs/io_uring.c:7955\n[\u003c0000000039d0800d\u003e] __io_uring_add_tctx_node+0x256/0x360 fs/io_uring.c:9016\n[\u003c000000008482e78c\u003e] io_uring_add_tctx_node fs/io_uring.c:9052 [inline]\n[\u003c000000008482e78c\u003e] __do_sys_io_uring_enter fs/io_uring.c:9354 [inline]\n[\u003c000000008482e78c\u003e] __se_sys_io_uring_enter fs/io_uring.c:9301 [inline]\n[\u003c000000008482e78c\u003e] __x64_sys_io_uring_enter+0xabc/0xc20 fs/io_uring.c:9301\n[\u003c00000000b875f18f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003c00000000b875f18f\u003e] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n[\u003c000000006b0a8484\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nCPU0                          CPU1\nio_uring_enter                io_uring_enter\nio_uring_add_tctx_node        io_uring_add_tctx_node\n__io_uring_add_tctx_node      __io_uring_add_tctx_node\nio_uring_alloc_task_context   io_uring_alloc_task_context\nio_init_wq_offload            io_init_wq_offload\nhash = kzalloc                hash = kzalloc\nctx-\u003ehash_map = hash          ctx-\u003ehash_map = hash \u003c- one of the hash is leaked\n\nWhen calling io_uring_enter() in parallel, the \u0027hash_map\u0027 will be leaked,\nadd uring_lock to protect \u0027hash_map\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:51:40.146Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/502731a03f27cba1513fbbff77e508185ffce5bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/362a9e65289284f36403058eea2462d0330c1f24"
        }
      ],
      "title": "io_uring: fix memleak in io_init_wq_offload()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47292",
    "datePublished": "2024-05-21T14:35:16.724Z",
    "dateReserved": "2024-05-21T13:27:52.130Z",
    "dateUpdated": "2026-05-11T13:51:40.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-47292",
      "date": "2026-07-18",
      "epss": "0.00193",
      "percentile": "0.09189"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47292\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:17.173\",\"lastModified\":\"2026-06-17T04:17:07.200\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nio_uring: fix memleak in io_init_wq_offload()\\n\\nI got memory leak report when doing fuzz test:\\n\\nBUG: memory leak\\nunreferenced object 0xffff888107310a80 (size 96):\\ncomm \\\"syz-executor.6\\\", pid 4610, jiffies 4295140240 (age 20.135s)\\nhex dump (first 32 bytes):\\n01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\\nbacktrace:\\n[\u003c000000001974933b\u003e] kmalloc include/linux/slab.h:591 [inline]\\n[\u003c000000001974933b\u003e] kzalloc include/linux/slab.h:721 [inline]\\n[\u003c000000001974933b\u003e] io_init_wq_offload fs/io_uring.c:7920 [inline]\\n[\u003c000000001974933b\u003e] io_uring_alloc_task_context+0x466/0x640 fs/io_uring.c:7955\\n[\u003c0000000039d0800d\u003e] __io_uring_add_tctx_node+0x256/0x360 fs/io_uring.c:9016\\n[\u003c000000008482e78c\u003e] io_uring_add_tctx_node fs/io_uring.c:9052 [inline]\\n[\u003c000000008482e78c\u003e] __do_sys_io_uring_enter fs/io_uring.c:9354 [inline]\\n[\u003c000000008482e78c\u003e] __se_sys_io_uring_enter fs/io_uring.c:9301 [inline]\\n[\u003c000000008482e78c\u003e] __x64_sys_io_uring_enter+0xabc/0xc20 fs/io_uring.c:9301\\n[\u003c00000000b875f18f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n[\u003c00000000b875f18f\u003e] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\\n[\u003c000000006b0a8484\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nCPU0                          CPU1\\nio_uring_enter                io_uring_enter\\nio_uring_add_tctx_node        io_uring_add_tctx_node\\n__io_uring_add_tctx_node      __io_uring_add_tctx_node\\nio_uring_alloc_task_context   io_uring_alloc_task_context\\nio_init_wq_offload            io_init_wq_offload\\nhash = kzalloc                hash = kzalloc\\nctx-\u003ehash_map = hash          ctx-\u003ehash_map = hash \u003c- one of the hash is leaked\\n\\nWhen calling io_uring_enter() in parallel, the \u0027hash_map\u0027 will be leaked,\\nadd uring_lock to protect \u0027hash_map\u0027.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring: corrige memleak en io_init_wq_offload(). Recib\u00ed un informe de p\u00e9rdida de memoria al realizar la prueba fuzz: BUG: p\u00e9rdida de memoria objeto sin referencia 0xffff888107310a80 (tama\u00f1o 96): comm \\\"syz-executor.6\\\" , pid 4610, sjiffies 4295140240 (edad 20,135 s) volcado hexadecimal (primeros 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... backtrace: [\u0026lt;000000001974933b\u0026gt;] kmalloc include/linux/slab.h:591 [en l\u00ednea] [\u0026lt;000000001974933b\u0026gt;] kzalloc include/linux/slab.h:721 [en l\u00ednea] [\u0026lt;000000001974933b\u0026gt;] io_init_wq_offload fs/io_uring.c:7920 [en l\u00ednea] [\u0026lt;000000001974933b\u0026gt;] _context+0x466/0x640 fs/io_uring .c:7955 [\u0026lt;0000000039d0800d\u0026gt;] __io_uring_add_tctx_node+0x256/0x360 fs/io_uring.c:9016 [\u0026lt;000000008482e78c\u0026gt;] io_uring_add_tctx_node fs/io_uring.c:9052 [en l\u00ednea] 0000008482e78c\u0026gt;] __do_sys_io_uring_enter fs/io_uring.c:9354 [en l\u00ednea] [\u0026lt;000000008482e78c\u0026gt;] __se_sys_io_uring_enter fs/io_uring.c:9301 [en l\u00ednea] [\u0026lt;000000008482e78c\u0026gt;] __x64_sys_io_uring_enter+0xabc/0xc20 fs/io_uring.c:9301 [\u0026lt;00000000b 875f18f\u0026gt;] do_syscall_x64 arch/x86/entry/common. c:50 [en l\u00ednea] [\u0026lt;00000000b875f18f\u0026gt;] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 [\u0026lt;000000006b0a8484\u0026gt;] Entry_SYSCALL_64_after_hwframe+0x44/0xae CPU0 CPU1 io_uring_enter io_uring_enter io_uring_add_tctx_node io_uring_add_tctx_node __io_uring_add_tctx_node __io_uring_add_tctx_node io_uring_alloc_task_context io_uring_alloc_task_context io_init_wq_offload io_init_wq_offload hash = kzalloc hash = kzalloc ctx-\u0026gt;hash_map = hash ctx-\u0026gt;hash_map = hash \u0026lt;- uno de los hash se filtra Al llamar a io_uring_enter() en paralelo, se filtrar\u00e1 el \u0027hash_map\u0027, agregue uring_lock para proteger \u0027hash_map\u0027.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"fs/io_uring.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"e941894eae31b52f0fd9bdb3ce20620afa152f45\",\"lessThan\":\"502731a03f27cba1513fbbff77e508185ffce5bb\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e941894eae31b52f0fd9bdb3ce20620afa152f45\",\"lessThan\":\"362a9e65289284f36403058eea2462d0330c1f24\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"fs/io_uring.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.12\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.12\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.13.6\",\"lessThanOrEqual\":\"5.13.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.14\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-06-17T17:37:42.631775Z\",\"id\":\"CVE-2021-47292\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.13.6\",\"matchCriteriaId\":\"26AF533A-A941-40CE-9F94-7F1133DE098F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"71268287-21A8-4488-AA4F-23C473153131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"23B9E5C6-FAB5-4A02-9E39-27C8787B0991\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/362a9e65289284f36403058eea2462d0330c1f24\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/502731a03f27cba1513fbbff77e508185ffce5bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/362a9e65289284f36403058eea2462d0330c1f24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/502731a03f27cba1513fbbff77e508185ffce5bb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "redhat_vex": {
      "aggregate_severity": "Low",
      "current_release_date": "2025-11-21T14:11:52+00:00",
      "cve": "CVE-2021-47292",
      "id": "CVE-2021-47292",
      "initial_release_date": "2021-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "198",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "kernel: io_uring: fix memleak in io_init_wq_offload()",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-47292.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/502731a03f27cba1513fbbff77e508185ffce5bb\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/362a9e65289284f36403058eea2462d0330c1f24\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:32:08.117Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47292\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-17T17:37:42.631775Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-17T17:37:43.684Z\"}}], \"cna\": {\"title\": \"io_uring: fix memleak in io_init_wq_offload()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"e941894eae31b52f0fd9bdb3ce20620afa152f45\", \"lessThan\": \"502731a03f27cba1513fbbff77e508185ffce5bb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"e941894eae31b52f0fd9bdb3ce20620afa152f45\", \"lessThan\": \"362a9e65289284f36403058eea2462d0330c1f24\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/io_uring.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.13.6\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.13.*\"}, {\"status\": \"unaffected\", \"version\": \"5.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/io_uring.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/502731a03f27cba1513fbbff77e508185ffce5bb\"}, {\"url\": \"https://git.kernel.org/stable/c/362a9e65289284f36403058eea2462d0330c1f24\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nio_uring: fix memleak in io_init_wq_offload()\\n\\nI got memory leak report when doing fuzz test:\\n\\nBUG: memory leak\\nunreferenced object 0xffff888107310a80 (size 96):\\ncomm \\\"syz-executor.6\\\", pid 4610, jiffies 4295140240 (age 20.135s)\\nhex dump (first 32 bytes):\\n01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\\nbacktrace:\\n[\u003c000000001974933b\u003e] kmalloc include/linux/slab.h:591 [inline]\\n[\u003c000000001974933b\u003e] kzalloc include/linux/slab.h:721 [inline]\\n[\u003c000000001974933b\u003e] io_init_wq_offload fs/io_uring.c:7920 [inline]\\n[\u003c000000001974933b\u003e] io_uring_alloc_task_context+0x466/0x640 fs/io_uring.c:7955\\n[\u003c0000000039d0800d\u003e] __io_uring_add_tctx_node+0x256/0x360 fs/io_uring.c:9016\\n[\u003c000000008482e78c\u003e] io_uring_add_tctx_node fs/io_uring.c:9052 [inline]\\n[\u003c000000008482e78c\u003e] __do_sys_io_uring_enter fs/io_uring.c:9354 [inline]\\n[\u003c000000008482e78c\u003e] __se_sys_io_uring_enter fs/io_uring.c:9301 [inline]\\n[\u003c000000008482e78c\u003e] __x64_sys_io_uring_enter+0xabc/0xc20 fs/io_uring.c:9301\\n[\u003c00000000b875f18f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n[\u003c00000000b875f18f\u003e] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\\n[\u003c000000006b0a8484\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nCPU0                          CPU1\\nio_uring_enter                io_uring_enter\\nio_uring_add_tctx_node        io_uring_add_tctx_node\\n__io_uring_add_tctx_node      __io_uring_add_tctx_node\\nio_uring_alloc_task_context   io_uring_alloc_task_context\\nio_init_wq_offload            io_init_wq_offload\\nhash = kzalloc                hash = kzalloc\\nctx-\u003ehash_map = hash          ctx-\u003ehash_map = hash \u003c- one of the hash is leaked\\n\\nWhen calling io_uring_enter() in parallel, the \u0027hash_map\u0027 will be leaked,\\nadd uring_lock to protect \u0027hash_map\u0027.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.13.6\", \"versionStartIncluding\": \"5.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.14\", \"versionStartIncluding\": \"5.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:08:00.845Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-47292\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:08:00.845Z\", \"dateReserved\": \"2024-05-21T13:27:52.130Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-21T14:35:16.724Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…