{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T06:51:23.934","vulnerabilities":[{"cve":{"id":"CVE-2021-47214","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-04-10T19:15:48.680","lastModified":"2025-03-27T21:05:27.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlb, userfaultfd: fix reservation restore on userfaultfd error\n\nCurrently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we\nbail out using \"goto out_release_unlock;\" in the cases where idx >=\nsize, or !huge_pte_none(), the code will detect that new_pagecache_page\n== false, and so call restore_reserve_on_error().  In this case I see\nrestore_reserve_on_error() delete the reservation, and the following\ncall to remove_inode_hugepages() will increment h->resv_hugepages\ncausing a 100% reproducible leak.\n\nWe should treat the is_continue case similar to adding a page into the\npagecache and set new_pagecache_page to true, to indicate that there is\nno reservation to restore on the error path, and we need not call\nrestore_reserve_on_error().  Rename new_pagecache_page to\npage_in_pagecache to make that clear."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hugetlb, userfaultfd: se corrige el error de restauración de reserva en userfaultfd Actualmente, en el caso is_continue en hugetlb_mcopy_atomic_pte(), si salimos usando \"goto out_release_unlock;\" en los casos donde idx &gt;= size, o !huge_pte_none(), el código detectará que new_pagecache_page == false, y por lo tanto llamará a restore_reserve_on_error(). En este caso, veo que restore_reserve_on_error() elimina la reserva, y la siguiente llamada a remove_inode_hugepages() incrementará h-&gt;resv_hugepages causando una fuga 100% reproducible. 
Deberíamos tratar el caso is_continue de forma similar a agregar una página al pagecache y establecer new_pagecache_page en true, para indicar que no hay ninguna reserva para restaurar en la ruta del error, y no necesitamos llamar a restore_reserve_on_error(). Cambie el nombre new_pagecache_page a page_in_pagecache para que quede claro."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.5","matchCriteriaId":"53E796CA-D377-4F91-8FF4-33D9CAC9A4B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13.13:*:*:*:*:*:*:*","matchCriteriaId":"6047C65C-29BB-4EDB-B410-FA269D2877D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*","matchCriteriaId":"357AA433-37E8-4323-BFB2-3038D6E4B414"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}