{"id":"CVE-2021-47585","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory leak in __add_inode_ref()\n\nLine 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),\nbut  when the function returns in line 1184 (#4) victim_name allocated\nby line 1169 (#3) is not freed, which will lead to a memory leak.\nThere is a similar snippet of code in this function as allocating a memory\nchunk for victim_name in line 1104 (#1) as well as releasing the memory\nin line 1116 (#2).\n\nWe should kfree() victim_name when the return value of backref_in_log()\nis less than zero and before the function returns in line 1184 (#4).\n\n1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans,\n1058 \t\t\t\t  struct btrfs_root *root,\n1059 \t\t\t\t  struct btrfs_path *path,\n1060 \t\t\t\t  struct btrfs_root *log_root,\n1061 \t\t\t\t  struct btrfs_inode *dir,\n1062 \t\t\t\t  struct btrfs_inode *inode,\n1063 \t\t\t\t  u64 inode_objectid, u64 parent_objectid,\n1064 \t\t\t\t  u64 ref_index, char *name, int namelen,\n1065 \t\t\t\t  int *search_done)\n1066 {\n\n1104 \tvictim_name = kmalloc(victim_name_len, GFP_NOFS);\n\t// #1: kmalloc (victim_name-1)\n1105 \tif (!victim_name)\n1106 \t\treturn -ENOMEM;\n\n1112\tret = backref_in_log(log_root, &search_key,\n1113\t\t\tparent_objectid, victim_name,\n1114\t\t\tvictim_name_len);\n1115\tif (ret \u003c 0) {\n1116\t\tkfree(victim_name); // #2: kfree (victim_name-1)\n1117\t\treturn ret;\n1118\t} else if (!ret) {\n\n1169 \tvictim_name = kmalloc(victim_name_len, GFP_NOFS);\n\t// #3: kmalloc (victim_name-2)\n1170 \tif (!victim_name)\n1171 \t\treturn -ENOMEM;\n\n1180 \tret = backref_in_log(log_root, &search_key,\n1181 \t\t\tparent_objectid, victim_name,\n1182 \t\t\tvictim_name_len);\n1183 \tif (ret \u003c 0) {\n1184 \t\treturn ret; // #4: missing kfree (victim_name-2)\n1185 \t} else if (!ret) {\n\n1241 \treturn 0;\n1242 }","modified":"2026-03-13T05:20:49.628603Z","published":"2024-06-19T15:15:53.057Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/005d9292b5b2e71a009f911bd85d755009b37242"},{"type":"FIX","url":"https://git.kernel.org/stable/c/493ff661d434d6bdf02e3a21adae04d7a0b4265d"},{"type":"FIX","url":"https://git.kernel.org/stable/c/f35838a6930296fc1988764cfa54cb3f705c0665"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47585.json","unresolved_ranges":[{"events":[{"introduced":"5.5"},{"fixed":"5.10.88"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.11"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}