CVE-2021-47171 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

References

Link	Resource
https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa	Patch
https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f	Patch
https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70	Patch
https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0	Patch
https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b	Patch
https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07	Patch
https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc	Patch
https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-25T09:16:22.993Z

Updated: 2024-05-29T05:03:17.612Z

Reserved: 2024-03-25T09:12:14.111Z

Link: CVE-2021-47171

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-03-25T10:15:08.917

Modified: 2024-05-16T21:15:30.830

Link: CVE-2021-47171

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47171", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-25T09:12:14.111Z", "datePublished": "2024-03-25T09:16:22.993Z", "dateUpdated": "2024-05-29T05:03:17.612Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:03:17.612Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix memory leak in smsc75xx_bind\n\nSyzbot reported memory leak in smsc75xx_bind().\nThe problem was is non-freed memory in case of\nerrors after memory allocation.\n\nbacktrace:\n [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]\n [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]\n [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460\n [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/smsc75xx.c"], "versions": [{"version": "d0cad871703b", "lessThan": "200dbfcad801", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "22c840596af0", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "9e6b8c1ff9d9", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "9e6a3eccb287", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "b95fb96e6339", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "635ac38b3625", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "70c886ac93f8", "status": "affected", "versionType": "git"}, {"version": "d0cad871703b", "lessThan": "46a8b29c6306", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/smsc75xx.c"], "versions": [{"version": "2.6.34", "status": "affected"}, {"version": "0", "lessThan": "2.6.34", "status": "unaffected", "versionType": "custom"}, {"version": "4.4.271", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.9.271", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.235", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.193", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.124", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.42", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.9", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"}, {"url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"}, {"url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"}, {"url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"}, {"url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"}, {"url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"}, {"url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"}, {"url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"}], "title": "net: usb: fix memory leak in smsc75xx_bind", "x_generator": {"engine": "bippy-a5840b7849dd"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A33A1AB8-3E91-4E38-B988-A00527F09E06", "versionEndExcluding": "4.4.271", "versionStartIncluding": "2.6.34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E7DAE3A-78E9-45DB-96D8-4541CD7DC26B", "versionEndExcluding": "4.9.271", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "03A23445-0C1A-42AB-AC5C-768360DDF32C", "versionEndExcluding": "4.14.235", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8DEF3EC-88D9-4B89-8CF9-64BD6C863C9D", "versionEndExcluding": "4.19.193", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "06FE0F99-F7A9-462A-8355-30E2EDA9826B", "versionEndExcluding": "5.4.124", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3E7E799-1C8A-45FB-9E07-4731996144C9", "versionEndExcluding": "5.10.42", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8A1D02-81A7-44E5-ACFD-CC6A6694F930", "versionEndExcluding": "5.12.9", "versionStartIncluding": "5.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix memory leak in smsc75xx_bind\n\nSyzbot reported memory leak in smsc75xx_bind().\nThe problem was is non-freed memory in case of\nerrors after memory allocation.\n\nbacktrace:\n [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]\n [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]\n [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460\n [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: usb: corrige la p\u00e9rdida de memoria en smsc75xx_bind Syzbot inform\u00f3 una p\u00e9rdida de memoria en smsc75xx_bind(). El problema era que la memoria no se liberaba en caso de errores despu\u00e9s de la asignaci\u00f3n de memoria. backtrace: [] kmalloc include/linux/slab.h:556 [en l\u00ednea] [] kzalloc include/linux/slab.h:686 [en l\u00ednea] [] smsc75xx_bind+0x7a/0x334 controladores/ net/usb/smsc75xx.c:1460 [] usbnet_probe+0x3b6/0xc30 controladores/net/usb/usbnet.c:1728"}], "id": "CVE-2021-47171", "lastModified": "2024-05-16T21:15:30.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-25T10:15:08.917", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}