CVE-2021-47671

can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the function
directly returns without calling netif_rx(skb). This means that the
skb previously allocated by alloc_can_err_skb() is not freed. In other
terms, this is a memory leak. This patch simply removes the return statement in the error branch and
let the function continue. Issue was found with GCC -fanalyzer, please follow the link below for
details.

*Credits: N/A

CVSS Scores

CISAv3.1 3.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-04-17 CVE Published
2025-04-17 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/8537257874e949a59c834cecfd5a063e11b64b0b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4f389e1276a5389c92cef860c9fde8e1c802a871	2021-11-17
https://git.kernel.org/stable/c/7eb0881aec26099089f12ae850aebd93190b1dfe	2021-11-18
https://git.kernel.org/stable/c/d9447f768bc8c60623e4bb3ce65b8f4654d33a50	2021-11-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.14.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.14.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.16"		en		Affected