CVE-2021-47543: perf report: Fix memory leaks around perf_tip()

CVE-2021-47543: perf report: Fix memory leaks around perf_tip()

[Greg Kroah-Hartman]

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

perf report: Fix memory leaks around perf_tip()

perf_tip() may allocate memory or use a literal, this means memory
wasn't freed if allocated. Change the API so that literals aren't used.

At the same time add missing frees for system_path. These issues were
spotted using leak sanitizer.

The Linux kernel CVE team has assigned CVE-2021-47543 to this issue.


Affected and fixed versions
===========================

	Fixed in 5.4.164 with commit df5990db088d
	Fixed in 5.10.84 with commit ff061b5bda73
	Fixed in 5.15.7 with commit 71e284dcebec
	Fixed in 5.16 with commit d9fc706108c1

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47543
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	tools/perf/builtin-report.c
	tools/perf/util/util.c
	tools/perf/util/util.h


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/df5990db088d4c7fea9a2f9b8195a7859e1768c4
	https://git.kernel.org/stable/c/ff061b5bda73c4f785b4703eeb0848fd99e5608a
	https://git.kernel.org/stable/c/71e284dcebecb9fd204ff11097469cc547723ad1
	https://git.kernel.org/stable/c/d9fc706108c15f8bc2d4ccccf8e50f74830fabd9

Re: CVE-2021-47543: perf report: Fix memory leaks around perf_tip()

[Michal Hocko]

As far as I understand this is a bug in perf (userspace tool). This can
occur when running 'perf report' which has a generally short lived
lifespan. Is this really a CVE fix? What is the actual security threat?

Btw. CVE-2021-47545 is another one matcing the same pattern.

On Fri 24-05-24 17:10:03, Greg KH wrote:
> Description
> ===========
> 
> In the Linux kernel, the following vulnerability has been resolved:
> 
> perf report: Fix memory leaks around perf_tip()
> 
> perf_tip() may allocate memory or use a literal, this means memory
> wasn't freed if allocated. Change the API so that literals aren't used.
> 
> At the same time add missing frees for system_path. These issues were
> spotted using leak sanitizer.
> 
> The Linux kernel CVE team has assigned CVE-2021-47543 to this issue.
> 
> 
> Affected and fixed versions
> ===========================
> 
> 	Fixed in 5.4.164 with commit df5990db088d
> 	Fixed in 5.10.84 with commit ff061b5bda73
> 	Fixed in 5.15.7 with commit 71e284dcebec
> 	Fixed in 5.16 with commit d9fc706108c1
> 
> Please see https://www.kernel.org for a full list of currently supported
> kernel versions by the kernel community.
> 
> Unaffected versions might change over time as fixes are backported to
> older supported kernel versions.  The official CVE entry at
> 	https://cve.org/CVERecord/?id=CVE-2021-47543
> will be updated if fixes are backported, please check that for the most
> up to date information about this issue.
> 
> 
> Affected files
> ==============
> 
> The file(s) affected by this issue are:
> 	tools/perf/builtin-report.c
> 	tools/perf/util/util.c
> 	tools/perf/util/util.h
> 
> 
> Mitigation
> ==========
> 
> The Linux kernel CVE team recommends that you update to the latest
> stable kernel version for this, and many other bugfixes.  Individual
> changes are never tested alone, but rather are part of a larger kernel
> release.  Cherry-picking individual commits is not recommended or
> supported by the Linux kernel community at all.  If however, updating to
> the latest release is impossible, the individual changes to resolve this
> issue can be found at these commits:
> 	https://git.kernel.org/stable/c/df5990db088d4c7fea9a2f9b8195a7859e1768c4
> 	https://git.kernel.org/stable/c/ff061b5bda73c4f785b4703eeb0848fd99e5608a
> 	https://git.kernel.org/stable/c/71e284dcebecb9fd204ff11097469cc547723ad1
> 	https://git.kernel.org/stable/c/d9fc706108c15f8bc2d4ccccf8e50f74830fabd9

-- 
Michal Hocko
SUSE Labs

Re: CVE-2021-47543: perf report: Fix memory leaks around perf_tip()

[Greg Kroah-Hartman]

On Mon, Jun 10, 2024 at 10:34:04AM +0200, Michal Hocko wrote:
> As far as I understand this is a bug in perf (userspace tool). This can
> occur when running 'perf report' which has a generally short lived
> lifespan. Is this really a CVE fix? What is the actual security threat?

You are correct, now rejected.

> Btw. CVE-2021-47545 is another one matcing the same pattern.

Thank you for noticing, also now rejected.

greg k-h