// For flags

CVE-2021-47173

misc/uss720: fix memory leak in uss720_probe

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

misc/uss720: fix memory leak in uss720_probe

uss720_probe forgets to decrease the refcount of usbdev in uss720_probe.
Fix this by decreasing the refcount of usbdev by usb_put_dev.

BUG: memory leak
unreferenced object 0xffff888101113800 (size 2048):
comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s)
hex dump (first 32 bytes):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................
backtrace:
[<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]
[<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
[<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
[<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
[<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
[<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
[<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
[<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
[<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
[<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc/uss720: corrige la pérdida de memoria en uss720_probe uss720_probe olvida disminuir el recuento de usbdev en uss720_probe. Solucione este problema disminuyendo el recuento de usbdev por usb_put_dev. ERROR: pérdida de memoria, objeto sin referencia 0xffff888101113800 (tamaño 2048): comunicación "kworker/0:1", pid 7, jiffies 4294956777 (edad 28,870 s) volcado hexadecimal (primeros 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1.......... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................. ... seguimiento: [] kmalloc include/linux/slab.h:554 [en línea] [] kzalloc include/linux/slab.h:684 [en línea] [] usb_alloc_dev+0x32/ 0x450 controladores/usb/core/usb.c:582 [] hub_port_connect drivers/usb/core/hub.c:5129 [en línea] [] hub_port_connect_change drivers/usb/core/hub.c:5363 [ en línea] [] port_event drivers/usb/core/hub.c:5509 [en línea] [] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [] Process_one_work+ 0x2c9/0x600 kernel/workqueue.c:2275 [] trabajador_thread+0x59/0x5d0 kernel/workqueue.c:2421 [] kthread+0x178/0x1b0 kernel/kthread.c:292 [ ] ret_from_fork +0x1f/0x30 arco/x86/entrada/entrada_64.S:294

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-25 CVE Reserved
  • 2024-03-25 CVE Published
  • 2024-05-17 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 4.4.271
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 4.4.271"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 4.9.271
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 4.9.271"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 4.14.235
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 4.14.235"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 4.19.193
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 4.19.193"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 5.4.124
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 5.4.124"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 5.10.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 5.10.42"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 5.12.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 5.12.9"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.14 < 5.13
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.14 < 5.13"
en
Affected