Action not permitted
Modal body text goes here.
Modal Title
Modal Body
gsd-2021-47237
Vulnerability from gsd
Modified
2024-04-11 05:05
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-47237"
],
"id": "GSD-2021-47237",
"modified": "2024-04-11T05:05:09.685235Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-47237",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
CVE-2021-47237 (GCVE-0-2021-47237)
Vulnerability from cvelistv5
Published
2024-05-21 14:19
Modified
2025-05-04 07:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hamradio: fix memory leak in mkiss_close
My local syzbot instance hit memory leak in
mkiss_open()[1]. The problem was in missing
free_netdev() in mkiss_close().
In mkiss_open() netdevice is allocated and then
registered, but in mkiss_close() netdevice was
only unregistered, but not freed.
Fail log:
BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0.............
00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .'.*............
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(....
98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@..........
backtrace:
[<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
[<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
[<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
[<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff ...(............
80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706eec7>] alloc_netdev_mqs+0x777/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706f062>] alloc_netdev_mqs+0x912/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 Version: 815f62bf742718458ba822a7e1f51f285eb997f2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:40:03.924521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:12.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/hamradio/mkiss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c634ba0b4159838ff45a60d3a0ace3b4118077a5",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "3942d0f9ace1a95a74930b5b4fc0e5005c62b37b",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "765a8a04f828db7222b36a42b1031f576bfe95c3",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "c16c4716a1b5ba4f83c7e00da457cba06761f119",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "a49cbb762ef20655f5c91abdc13658b0af5e159d",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "290b0b6432e2599021db0b8d6046f756d931c29f",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "f4de2b43d13b7cf3ced9310e371b90c836dbd7cd",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
},
{
"lessThan": "7edcc682301492380fbdd604b4516af5ae667a13",
"status": "affected",
"version": "815f62bf742718458ba822a7e1f51f285eb997f2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/hamradio/mkiss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.14"
},
{
"lessThan": "2.6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.196",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.274",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.274",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.238",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.196",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.128",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.46",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.13",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hamradio: fix memory leak in mkiss_close\n\nMy local syzbot instance hit memory leak in\nmkiss_open()[1]. The problem was in missing\nfree_netdev() in mkiss_close().\n\nIn mkiss_open() netdevice is allocated and then\nregistered, but in mkiss_close() netdevice was\nonly unregistered, but not freed.\n\nFail log:\n\nBUG: memory leak\nunreferenced object 0xffff8880281ba000 (size 4096):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n 61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0.............\n 00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .\u0027.*............\n backtrace:\n [\u003cffffffff81a27201\u003e] kvmalloc_node+0x61/0xf0\n [\u003cffffffff8706e7e8\u003e] alloc_netdev_mqs+0x98/0xe80\n [\u003cffffffff84e64192\u003e] mkiss_open+0xb2/0x6f0 [1]\n [\u003cffffffff842355db\u003e] tty_ldisc_open+0x9b/0x110\n [\u003cffffffff84236488\u003e] tty_set_ldisc+0x2e8/0x670\n [\u003cffffffff8421f7f3\u003e] tty_ioctl+0xda3/0x1440\n [\u003cffffffff81c9f273\u003e] __x64_sys_ioctl+0x193/0x200\n [\u003cffffffff8911263a\u003e] do_syscall_64+0x3a/0xb0\n [\u003cffffffff89200068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff8880141a9a00 (size 96):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(....\n 98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@..........\n backtrace:\n [\u003cffffffff8709f68b\u003e] __hw_addr_create_ex+0x5b/0x310\n [\u003cffffffff8709fb38\u003e] __hw_addr_add_ex+0x1f8/0x2b0\n [\u003cffffffff870a0c7b\u003e] dev_addr_init+0x10b/0x1f0\n [\u003cffffffff8706e88b\u003e] alloc_netdev_mqs+0x13b/0xe80\n [\u003cffffffff84e64192\u003e] mkiss_open+0xb2/0x6f0 [1]\n [\u003cffffffff842355db\u003e] tty_ldisc_open+0x9b/0x110\n [\u003cffffffff84236488\u003e] tty_set_ldisc+0x2e8/0x670\n [\u003cffffffff8421f7f3\u003e] tty_ioctl+0xda3/0x1440\n [\u003cffffffff81c9f273\u003e] __x64_sys_ioctl+0x193/0x200\n [\u003cffffffff8911263a\u003e] do_syscall_64+0x3a/0xb0\n [\u003cffffffff89200068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff8880219bfc00 (size 512):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n 00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff ...(............\n 80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff81a27201\u003e] kvmalloc_node+0x61/0xf0\n [\u003cffffffff8706eec7\u003e] alloc_netdev_mqs+0x777/0xe80\n [\u003cffffffff84e64192\u003e] mkiss_open+0xb2/0x6f0 [1]\n [\u003cffffffff842355db\u003e] tty_ldisc_open+0x9b/0x110\n [\u003cffffffff84236488\u003e] tty_set_ldisc+0x2e8/0x670\n [\u003cffffffff8421f7f3\u003e] tty_ioctl+0xda3/0x1440\n [\u003cffffffff81c9f273\u003e] __x64_sys_ioctl+0x193/0x200\n [\u003cffffffff8911263a\u003e] do_syscall_64+0x3a/0xb0\n [\u003cffffffff89200068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff888029b2b200 (size 256):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff81a27201\u003e] kvmalloc_node+0x61/0xf0\n [\u003cffffffff8706f062\u003e] alloc_netdev_mqs+0x912/0xe80\n [\u003cffffffff84e64192\u003e] mkiss_open+0xb2/0x6f0 [1]\n [\u003cffffffff842355db\u003e] tty_ldisc_open+0x9b/0x110\n [\u003cffffffff84236488\u003e] tty_set_ldisc+0x2e8/0x670\n [\u003cffffffff8421f7f3\u003e] tty_ioctl+0xda3/0x1440\n [\u003cffffffff81c9f273\u003e] __x64_sys_ioctl+0x193/0x200\n [\u003cffffffff8911263a\u003e] do_syscall_64+0x3a/0xb0\n [\u003cffffffff89200068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:06:54.347Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5"
},
{
"url": "https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b"
},
{
"url": "https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3"
},
{
"url": "https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119"
},
{
"url": "https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d"
},
{
"url": "https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f"
},
{
"url": "https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd"
},
{
"url": "https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13"
}
],
"title": "net: hamradio: fix memory leak in mkiss_close",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47237",
"datePublished": "2024-05-21T14:19:38.396Z",
"dateReserved": "2024-04-10T18:59:19.531Z",
"dateUpdated": "2025-05-04T07:06:54.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…