CVE-2021-47190 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

perf bpf: Avoid memory leak from perf_env__insert_btf()

perf_env__insert_btf() doesn't insert if a duplicate BTF id is
encountered and this causes a memory leak. Modify the function to return
a success/error value and then free the memory if insertion didn't
happen.

v2. Adds a return -1 when the insertion error occurs in
perf_env__fetch_btf. This doesn't affect anything as the result is
never checked.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc
https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f
https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2
https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e
https://lore.kernel.org/linux-cve-announce/2024041034-CVE-2021-47190-0261@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47190
https://www.cve.org/CVERecord?id=CVE-2021-47190

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00018}`	epss `{'score': 0.0001}`

Tue, 07 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-10T18:56:28.815Z

Updated: 2025-05-04T07:06:04.188Z

Reserved: 2024-03-25T09:12:14.113Z

Link: CVE-2021-47190

Vulnrichment

Updated: 2024-08-04T05:32:07.210Z

NVD

Status : Analyzed

Published: 2024-04-10T19:15:47.617

Modified: 2025-01-07T17:11:50.810

Link: CVE-2021-47190

Redhat

Severity : Low

Publid Date: 2024-04-10T00:00:00Z

Links: CVE-2021-47190 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object