CVE-2021-47171
net: usb: fix memory leak in smsc75xx_bind
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
net: usb: fix memory leak in smsc75xx_bind
Syzbot reported memory leak in smsc75xx_bind().
The problem was is non-freed memory in case of
errors after memory allocation.
backtrace:
[<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
[<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
[<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
[<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: usb: corrige la pérdida de memoria en smsc75xx_bind Syzbot informó una pérdida de memoria en smsc75xx_bind(). El problema era que la memoria no se liberaba en caso de errores después de la asignación de memoria. backtrace: [] kmalloc include/linux/slab.h:556 [en línea] [] kzalloc include/linux/slab.h:686 [en línea] [] smsc75xx_bind+0x7a/0x334 controladores/ net/usb/smsc75xx.c:1460 [] usbnet_probe+0x3b6/0xc30 controladores/net/usb/usbnet.c:1728
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-25 CVE Reserved
- 2024-03-25 CVE Published
- 2024-05-17 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
- CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/d0cad871703b898a442e4049c532ec39168e5b57 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-47171 | 2024-06-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271469 | 2024-06-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 4.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 4.4.271" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 4.9.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 4.9.271" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 4.14.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 4.14.235" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 4.19.193 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 4.19.193" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.4.124" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.10.42" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.12.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.34 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.34 < 5.13" | en |
Affected
| ||||||