CVE-2021-47087

Description

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-763 CWE-763

Affected Products

Vendor	Product	Versions
linux	linux_kernel	5.4.140 — 5.4.169
linux	linux_kernel	5.10.58 — 5.10.89
linux	linux_kernel	5.14 — 5.15.12
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All

References

Advisories & Patches

https://git.kernel.org/stable/c/18549bf4b21c739a9def39f27dcac53e27286ab5 https://git.kernel.org/stable/c/806142c805cacd098e61bdc0f72c778a2389fe4a https://git.kernel.org/stable/c/91e94e42f6fc49635f1a16d8ae3f79552bcfda29 https://git.kernel.org/stable/c/ad338d825e3f7b96ee542bf313728af2d19fe9ad https://git.kernel.org/stable/c/18549bf4b21c739a9def39f27dcac53e27286ab5 https://git.kernel.org/stable/c/806142c805cacd098e61bdc0f72c778a2389fe4a https://git.kernel.org/stable/c/91e94e42f6fc49635f1a16d8ae3f79552bcfda29 https://git.kernel.org/stable/c/ad338d825e3f7b96ee542bf313728af2d19fe9ad

Frequently Asked Questions

What is CVE-2021-47087? +

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer. It has a CVSS v3.1 base score of 7.8 (HIGH).

How severe is CVE-2021-47087? +

CVE-2021-47087 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2021-47087? +

CVE-2021-47087 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2021-47087? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-13824

A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault …

CVE-2024-44852 9.8

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().

CVE-2025-25215 8.8

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior …

CVE-2024-6607 8.8

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a …

CVE-2023-43532 8.4

Memory corruption while reading ACPI config through the user mode app.

CVE-2024-2955 7.8

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or …