// For flags

CVE-2021-47180

NFC: nci: fix memory leak in nci_allocate_device

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

NFC: nci: fix memory leak in nci_allocate_device

nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.
Fix this by freeing hci_dev in nci_free_device.

BUG: memory leak
unreferenced object 0xffff888111ea6800 (size 1024):
comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]
[<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]
[<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
[<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
[<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
[<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
[<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
[<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
[<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
[<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
[<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914
[<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109
[<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: NFC: nci: corrige la pérdida de memoria en nci_allocate_device nfcmrvl_disconnect no logra liberar el campo hci_dev en la estructura nci_dev. Solucione este problema liberando hci_dev en nci_free_device. ERROR: pérdida de memoria, objeto sin referencia 0xffff888111ea6800 (tamaño 1024): comunicación "kworker/1:0", pid 19, jiffies 4294942308 (edad 13.580 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............. ... seguimiento: [&lt;000000004bc25d43&gt;] kmalloc include/linux/slab.h:552 [en línea] [&lt;000000004bc25d43&gt;] kzalloc include/linux/slab.h:682 [en línea] [&lt;000000004bc25d43&gt;] nci_hci_allocate+0x21/ 0xd0 net/nfc/nci/hci.c:784 [&lt;00000000c59cff92&gt;] nci_allocate_device net/nfc/nci/core.c:1170 [en línea] [&lt;00000000c59cff92&gt;] nci_allocate_device+0x10b/0x160 net/nfc/nci/core. c:1132 [&lt;00000000006e0a8e&gt;] nfcmrvl_nci_register_dev+0x10a/0x1c0 controladores/nfc/nfcmrvl/main.c:153 [&lt;000000004da1b57e&gt;] nfcmrvl_probe+0x223/0x290 controladores/nfc/nfcmr vl/usb.c:345 [&lt;00000000d506aed9&gt;] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [&lt;00000000bc632c92&gt;] very_probe+0x159/0x4a0 drivers/base/dd.c:554 [&lt;00000000f5009125&gt;] driver_probe_device+0x84/0x100 drivers/base/dd .c:740 [&lt;000000000ce658ca&gt;] __device_attach_driver+0xee/0x110 controladores/base/dd.c:846 [&lt;000000007067d05f&gt;] bus_for_each_drv+0xb7/0x100 controladores/base/bus.c:431 [&lt;00000000f8e1337 2&gt;] __device_attach+0x122 /0x250 controladores/base/dd.c:914 [&lt;000000009cf68860&gt;] bus_probe_device+0xc6/0xe0 controladores/base/bus.c:491 [&lt;00000000359c965a&gt;] dispositivo_add+0x5be/0xc30 controladores/base/core.c:3109 [ &lt;00000000086e4bd3&gt;] usb_set_configuration+0x9d9/0xb90 controladores/usb/core/message.c:2164 [&lt;00000000ca036872&gt;] usb_generic_driver_probe+0x8c/0xc0 controladores/usb/core/generic.c:238 [&lt;00000000d40d3 6f6&gt;] dispositivo_probe_usb+0x5c/ 0x140 controladores/usb/core/driver.c:293 [&lt;00000000bc632c92&gt;] very_probe+0x159/0x4a0 controladores/base/dd.c:554

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-25 CVE Reserved
  • 2024-03-25 CVE Published
  • 2024-03-26 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 4.4.271
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.4.271"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 4.9.271
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.9.271"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 4.14.235
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.14.235"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 4.19.193
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.19.193"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 5.4.123
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.4.123"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 5.10.41
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.10.41"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 5.12.8
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.12.8"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 5.13
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.13"
en
Affected