
SLES 15.1 shell weakness #44

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

libvpd-2.2.6/src/libvpd-2/vpdretriever.h

Context:

The highlighted line of code below is the trigger point of this particular SLES 15.1 shell weakness.

/*
 * Releases all resources used by this vpdretriever.  Closes connections to the
 * VPD db and free's all malloc'd memory.
 */
void free_vpdretriever( struct vpdretriever *freeme );

/*
 * Retrieves the entire tree of device VPD.  The pointer returned is malloc'd
 * and should be free'd using the free_system function from system.h.  On error
 * NULL is returned.
 */
struct system * get_component_tree( struct vpdretriever *dbenv );

/*
 * Retrieves the specified component.  The pointer returned is malloc'd and
 * should be free'd using free_component function from component.h.  On error
 * NULL is returned.
 */
struct component * get_component( struct vpdretriever *dbenv, const char *id );

/*
 * Retrieves the system level VPD.  The pointer returned is malloc'd and
 * should be free'd using free_system function from system.h.  On error
 * NULL is returned.
 */
struct system * get_system( struct vpdretriever *dbenv );

#endif /*VPDRETRIEVER_H_*/ 
