CVE-2021-47345

RDMA/cma: Fix rdma_resolve_route() memory leak

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix rdma_resolve_route() memory leak Fix a memory leak when "mda_resolve_route() is called more than once on the same "rdma_cm_id". This is possible if cma_query_handler() triggers the RDMA_CM_EVENT_ROUTE_ERROR flow which puts the state machine back and allows rdma_resolve_route() to be called again.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b patch
https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a patch
https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8 patch
https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f patch
https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972 patch
https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6 patch
https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939 patch
https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac patch
https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9 patch

Frequently Asked Questions

What is the severity of CVE-2021-47345?
CVE-2021-47345 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47345?
To fix CVE-2021-47345, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47345 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47345 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47345?
CVE-2021-47345 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.