CVE-2021-47087

HIGH Year: 2021
CVSS v3 Score
7.8
High
Weakness Type
CWE-763
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer.

Related Vulnerabilities

CVE-2013-4695

HIGH
CVSS:7.8(High)

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

CWE-7632013

CVE-2017-0731

HIGH
CVSS:7.8(High)

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.

CWE-7632017

CVE-2017-18075

HIGH
CVSS:7.8(High)

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_C...

CWE-7632017

CVE-2018-9557

HIGH
CVSS:7.8(High)

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileg...

CWE-7632018

CVE-2019-18619

HIGH
CVSS:7.8(High)

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (t...

CWE-7632019

CVE-2019-19820

HIGH
CVSS:7.8(High)

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution ...

CWE-7632019