CVE-2021-47519
can: m_can: m_can_read_fifo: fix memory leak in error branch
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: m_can_read_fifo: fix memory leak in error branch
In m_can_read_fifo(), if the second call to m_can_fifo_read() fails,
the function jump to the out_fail label and returns without calling
m_can_receive_skb(). This means that the skb previously allocated by
alloc_can_skb() is not freed. In other terms, this is a memory leak.
This patch adds a goto label to destroy the skb if an error occurs.
Issue was found with GCC -fanalyzer, please follow the link below for
details.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: m_can: m_can_read_fifo: corrige la pérdida de memoria en la rama de error En m_can_read_fifo(), si la segunda llamada a m_can_fifo_read() falla, la función salta a la etiqueta out_fail y regresa sin llamar m_can_receive_skb(). Esto significa que el skb previamente asignado por alloc_can_skb() no se libera. En otras palabras, se trata de una pérdida de memoria. Este parche agrega una etiqueta goto para destruir el skb si ocurre un error. Se encontró un problema con GCC -fanalyzer; siga el enlace a continuación para obtener más detalles.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-05-24 CVE Reserved
- 2024-05-24 CVE Published
- 2024-05-25 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/e39381770ec9ca3c51d8b9bd9cc6e01d78ea974a | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908 | 2021-12-14 | |
https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56 | 2021-12-07 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.15.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.8" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16" | en |
Affected
|