CVE-2021-47180

NFC: nci: fix memory leak in nci_allocate_device

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.
Fix this by freeing hci_dev in nci_free_device. BUG: memory leak
unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: NFC: nci: corrige la pérdida de memoria en nci_allocate_device nfcmrvl_disconnect no logra liberar el campo hci_dev en la estructura nci_dev. Solucione este problema liberando hci_dev en nci_free_device. ERROR: pérdida de memoria, objeto sin referencia 0xffff888111ea6800 (tamaño 1024): comunicación "kworker/1:0", pid 19, jiffies 4294942308 (edad 13.580 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............. ... seguimiento: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [en línea] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [en línea] [<000000004bc25d43>] nci_hci_allocate+0x21/ 0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [en línea] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core. c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 controladores/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 controladores/nfc/nfcmr vl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] very_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd .c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 controladores/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 controladores/base/bus.c:431 [<00000000f8e1337 2>] __device_attach+0x122 /0x250 controladores/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 controladores/base/bus.c:491 [<00000000359c965a>] dispositivo_add+0x5be/0xc30 controladores/base/core.c:3109 [ <00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 controladores/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 controladores/usb/core/generic.c:238 [<00000000d40d3 6f6>] dispositivo_probe_usb+0x5c/ 0x140 controladores/usb/core/driver.c:293 [<00000000bc632c92>] very_probe+0x159/0x4a0 controladores/base/dd.c:554

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-25 CVE Reserved
2024-03-25 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/11f54f228643d0248ec00ce8c9fb8d872f87e7b8	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1	2021-06-03
https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8	2021-06-03
https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74	2021-06-03
https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef	2021-06-03
https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7	2021-05-28
https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745	2021-05-28
https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd	2021-05-28
https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b	2021-05-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 4.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.4.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 4.9.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.9.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 4.14.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.14.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 4.19.193 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.19.193"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.4.123 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.4.123"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.10.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.10.41"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.12.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.12.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.0 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 5.13"		en		Affected