CVE-2021-47258

scsi: core: Fix error handling of scsi_host_alloc()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix error handling of scsi_host_alloc()

After device is initialized via device_initialize(), or its name is set via
dev_set_name(), the device has to be freed via put_device(). Otherwise
device name will be leaked because it is allocated dynamically in
dev_set_name().

Fix the leak by replacing kfree() with put_device(). Since
scsi_host_dev_release() properly handles IDA and kthread removal, remove
special-casing these from the error handling as well.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: corrige el manejo de errores de scsi_host_alloc(). Después de que el dispositivo se inicializa mediante device_initialize(), o su nombre se establece mediante dev_set_name(), el dispositivo debe liberarse mediante put_device (). De lo contrario, se filtrará el nombre del dispositivo porque se asigna dinámicamente en dev_set_name(). Solucione la fuga reemplazando kfree() con put_device(). Dado que scsi_host_dev_release() maneja adecuadamente la eliminación de IDA y kthread, elimine también estas mayúsculas y minúsculas especiales del manejo de errores.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-10 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8958181c1663e24a13434448e7d6b96b5d04900a	2021-06-16
https://git.kernel.org/stable/c/db08ce595dd64ea9859f7d088b51cbfc8e685c66	2021-06-16
https://git.kernel.org/stable/c/2dc85045ae65b9302a1d2e2ddd7ce4c030153a6a	2021-06-16
https://git.kernel.org/stable/c/79296e292d67fa7b5fb8d8c27343683e823872c8	2021-06-16
https://git.kernel.org/stable/c/7a696ce1d5d16a33a6cd6400bbcc0339b2460e11	2021-06-16
https://git.kernel.org/stable/c/45d83db4728127944b237c0c8248987df9d478e7	2021-06-16
https://git.kernel.org/stable/c/66a834d092930cf41d809c0e989b13cd6f9ca006	2021-06-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.273 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.273"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.237 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.237"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.195 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.195"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.126 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.126"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.44 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.12.11 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.13 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13"		en		Affected