CVE-2021-47455

Published May 22, 2024

Last updated 3 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s) hex dump (first 8 bytes): 70 74 70 30 00 00 00 00 ptp0.... backtrace: [<00000000312ed458>] __kmalloc_track_caller+0x19f/0x3a0 [<0000000079f6e2ff>] kvasprintf+0xb5/0x150 [<0000000026aae54f>] kvasprintf_const+0x60/0x190 [<00000000f323a5f7>] kobject_set_name_vargs+0x56/0x150 [<000000004e35abdd>] dev_set_name+0xc0/0x100 [<00000000f20cfe25>] ptp_clock_register+0x9f4/0xd30 [ptp] [<000000008bb9f0de>] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33] When posix_clock_register() returns an error, the name allocated in dev_set_name() will be leaked, the put_device() should be used to give up the device reference, then the name will be freed in kobject_cleanup() and other memory will be freed in ptp_clock_release().
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "757FC3F8-D35F-4A41-B2EE-FB159111EF5D",
            "versionEndExcluding": "3.17",
            "versionStartIncluding": "3.16.83"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ADA9CD5-A6CD-490F-A93C-4E5C4CEA8414",
            "versionEndExcluding": "4.5",
            "versionStartIncluding": "4.4.224"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0E0A17F-F59E-41B5-82D3-6A187EC99B69",
            "versionEndExcluding": "4.10",
            "versionStartIncluding": "4.9.224"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8E34938-B599-4B3F-9871-2341E248D9A4",
            "versionEndExcluding": "4.15",
            "versionStartIncluding": "4.14.162"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D83D88FB-206E-466D-BC71-94C228C5C9E7",
            "versionEndExcluding": "4.20",
            "versionStartIncluding": "4.19.93"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B5E1919-20BB-4670-82D1-34EEBD95C3D9",
            "versionEndExcluding": "5.14.15",
            "versionStartIncluding": "5.4.8"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD45831-4B79-42BC-ABC0-86870F0DEA89"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References