5.5

CVE-2021-47143

net/smc: remove device from smcd_dev_list after failed device_add()

In the Linux kernel, the following vulnerability has been resolved:

net/smc: remove device from smcd_dev_list after failed device_add()

If the device_add() for a smcd_dev fails, there's no cleanup step that
rolls back the earlier list_add(). The device subsequently gets freed,
and we end up with a corrupted list.

Add some error handling that removes the device from the list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 5.10.42
LinuxLinux Kernel Version >= 5.11 < 5.12.9
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.129
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842
Patch
https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607
Patch
https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897
Patch