CVE-2021-47133

HID: amd_sfh: Fix memory leak in amd_sfh_work

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

HID: amd_sfh: Fix memory leak in amd_sfh_work

Kmemleak tool detected a memory leak in the amd_sfh driver.

====================
unreferenced object 0xffff88810228ada0 (size 32):
comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s)
hex dump (first 32 bytes):
00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s.............
22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "...............
backtrace:
[<000000007b4c8799>] kmem_cache_alloc_trace+0x163/0x4f0
[<0000000005326893>] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh]
[<000000002a9e5ec4>] amdtp_hid_request+0x62/0x80 [amd_sfh]
[<00000000b8a95807>] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub]
[<00000000fda054ee>] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common]
[<0000000021279ecf>] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d]
[<00000000915760ce>] platform_probe+0x6a/0xd0
[<0000000060258a1f>] really_probe+0x192/0x620
[<00000000fa812f2d>] driver_probe_device+0x14a/0x1d0
[<000000005e79f7fd>] __device_attach_driver+0xbd/0x110
[<0000000070d15018>] bus_for_each_drv+0xfd/0x160
[<0000000013a3c312>] __device_attach+0x18b/0x220
[<000000008c7b4afc>] device_initial_probe+0x13/0x20
[<00000000e6e99665>] bus_probe_device+0xfe/0x120
[<00000000833fa90b>] device_add+0x6a6/0xe00
[<00000000fa901078>] platform_device_add+0x180/0x380
====================

The fix is to freeing request_list entry once the processed entry is
removed from the request_list.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: amd_sfh: Reparar pérdida de memoria en amd_sfh_work La herramienta Kmemleak detectó una pérdida de memoria en el controlador amd_sfh. ==================== objeto sin referencia 0xffff88810228ada0 (tamaño 32): comm "insmod", pid 3968, jiffies 4295056001 (edad 775,792 s) volcado hexadecimal (primeros 32 bytes) : 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s................. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "................. retroceso: [< 000000007b4c8799>] kmem_cache_alloc_trace+0x163/0x4f0 [<0000000005326893>] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh] [<000000002a9e5ec4>] amdtp_hid_request+0x6 2/0x80 [amd_sfh] [<00000000b8a95807>] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub] [<00000000fda054ee >] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common] [<0000000021279ecf>] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d] [<00000000915760ce>] platform_probe+0x6a/0xd0 [ <0000000060258a1f>] very_probe+0x192/0x620 [<00000000fa812f2d>] driver_probe_device+ 0x14a/0x1d0 [<000000005e79f7fd>] __device_attach_driver+0xbd/0x110 [<0000000070d15018>] bus_for_each_drv+0xfd/0x160 [<0000000013a3c312>] __device_attach+0x1 8b/0x220 [<000000008c7b4afc>] dispositivo_sonda_inicial+0x13/0x20 [<00000000e6e99665>] bus_probe_dispositivo+ 0xfe/0x120 [<00000000833fa90b>] device_add+0x6a6/0xe00 [<00000000fa901078>] platform_device_add+0x180/0x380 ===================== La solución es liberar la entrada request_list una vez que la entrada procesada se elimina de request_list.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-04 CVE Reserved
2024-03-15 CVE Published
2024-03-16 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/4b2c53d93a4bc9d52cc0ec354629cfc9dc217f93	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/29beadea66a226d744d5ffdcde6b984623053d24	2021-06-10
https://git.kernel.org/stable/c/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1	2021-05-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.12.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.12.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.13"		en		Affected