English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2021-47541
Description:In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv(). After that mlx4_en_alloc_resources() is called and there is a dereference of &tmp->tx_cq[t][i] in mlx4_en_alloc_resources(), which could lead to a use after free problem on failure of mlx4_en_copy_priv(). Fix this bug by adding a check of mlx4_en_copy_priv() This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_MLX4_EN=m show no new warnings, and our static analyzer no longer warns about this code.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-47541
https://git.kernel.org/stable/c/676dc7d9b15bf8733233a2db1ec3f9091ab34275
https://git.kernel.org/stable/c/676dc7d9b15bf8733233a2db1ec3f9091ab34275
https://git.kernel.org/stable/c/75917372eef0dbfb290ae45474314d35f97aea18
https://git.kernel.org/stable/c/75917372eef0dbfb290ae45474314d35f97aea18
https://git.kernel.org/stable/c/addad7643142f500080417dd7272f49b7a185570
https://git.kernel.org/stable/c/addad7643142f500080417dd7272f49b7a185570
https://git.kernel.org/stable/c/be12572c5ddc8ad7453bada4eec8fa46967dc757
https://git.kernel.org/stable/c/be12572c5ddc8ad7453bada4eec8fa46967dc757
https://git.kernel.org/stable/c/e461a9816a1ac5b4aeb61621b817225b61e46a68
https://git.kernel.org/stable/c/e461a9816a1ac5b4aeb61621b817225b61e46a68
https://git.kernel.org/stable/c/f1d43efa59f1edd3e7eca0e94559b4c6b1cd4e2b
https://git.kernel.org/stable/c/f1d43efa59f1edd3e7eca0e94559b4c6b1cd4e2b



© 1998-2025 E-Soft Inc. All rights reserved.