How severe is CVE-2021-47305?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-47305?

This is classified as CWE-617, which is a common weakness in software security.

CVE-2021-47305 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. In the error path, we weren't calling dma_fence_put() so all those fences got leaked. Also, in the krealloc_array failure case, we weren't freeing the fences array. Instead, ensure that i and fences are always zero-initialized and dma_fence_put() all the fences and kfree(fences) on every error path.

Related Vulnerabilities

CVE-2015-8745

MEDIUM

CVSS:5.5(Medium)

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_...

CWE-6172015

CVE-2016-9388

MEDIUM

CVSS:5.5(Medium)

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

CWE-6172016

CVE-2017-14649

MEDIUM

CVSS:5.5(Medium)

ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

CWE-6172017

CVE-2017-15371

MEDIUM

CVSS:5.5(Medium)

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an a...

CWE-6172017

CVE-2017-18169

MEDIUM

CVSS:5.5(Medium)

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CWE-6172017

CVE-2017-5981

MEDIUM

CVSS:5.5(Medium)

seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.

CWE-6172017