What is CVE-2021-47365?

CVE-2021-47365 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47365 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47365?

CVE-2021-47365 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47365?

No patch is currently available for CVE-2021-47365. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47365 actively exploited?

CVE-2021-47365 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47365

Medium

In the Linux kernel, the following vulnerability has been resolved: afs: Fix page leak There's a loop in afs_extend_writeback() that adds extra pages to a write we want to make to improve the efficiency of the writeback by making it larger. This loop stops, however, if we hit a page we can't write back from immediately, but it doesn't get rid of the page ref we speculatively acquired. This was caused by the removal of the cleanup loop when the code switched from using find_get_pages_contig() to xarray scanning as the latter only gets a single page at a time, not a batch. Fix this by putting the page on a ref on an early break from the loop. Unfortunately, we can't just add that page to the pagevec we're employing as we'll go through that and add those pages to the RPC call. This was found by the generic/074 test. It leaks ~4GiB of RAM each time it is run - which can be observed with "top".

Package Linux Kernel

Published 2024-05-21

Last modified 2025-05-12

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-459

CVE-2021-47365 is classified as CWE-459

See CWE-459 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2021-47365 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/581b2027af0018944ba301d68e7af45c6d1128b5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/d130b5fdd42254d92948d06347940276140c927e
Patch

Details

CVE ID CVE-2021-47365

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-21

Modified 2025-05-12

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47365?

CVE-2021-47365 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47365 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47365?

CVE-2021-47365 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47365?

No patch is currently available for CVE-2021-47365. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47365 actively exploited?

No — CVE-2021-47365 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.