5.5

CVE-2021-47249

net: rds: fix memory leak in rds_recvmsg

In the Linux kernel, the following vulnerability has been resolved:

net: rds: fix memory leak in rds_recvmsg

Syzbot reported memory leak in rds. The problem
was in unputted refcount in case of error.

int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
		int msg_flags)
{
...

	if (!rds_next_incoming(rs, &inc)) {
		...
	}

After this "if" inc refcount incremented and

	if (rds_cmsg_recv(inc, msg, rs)) {
		ret = -EFAULT;
		goto out;
	}
...
out:
	return ret;
}

in case of rds_cmsg_recv() fail the refcount won't be
decremented. And it's easy to see from ftrace log, that
rds_inc_addref() don't have rds_inc_put() pair in
rds_recvmsg() after rds_cmsg_recv()

 1)               |  rds_recvmsg() {
 1)   3.721 us    |    rds_inc_addref();
 1)   3.853 us    |    rds_message_inc_copy_to_user();
 1) + 10.395 us   |    rds_cmsg_recv();
 1) + 34.260 us   |  }
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.30 < 4.4.274
LinuxLinux Kernel Version >= 4.5 < 4.9.274
LinuxLinux Kernel Version >= 4.10 < 4.14.238
LinuxLinux Kernel Version >= 4.15 < 4.19.196
LinuxLinux Kernel Version >= 4.20 < 5.4.128
LinuxLinux Kernel Version >= 5.5 < 5.10.46
LinuxLinux Kernel Version >= 5.11 < 5.12.13
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
LinuxLinux Kernel Version5.13 Updaterc4
LinuxLinux Kernel Version5.13 Updaterc5
LinuxLinux Kernel Version5.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.143
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a
Patch
https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02
Patch
https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042
Patch
https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c
Patch
https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f
Patch
https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86
Patch
https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f
Patch
https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91
Patch