5.5

CVE-2021-47344

media: zr364xx: fix memory leak in zr364xx_start_readpipe

In the Linux kernel, the following vulnerability has been resolved:

media: zr364xx: fix memory leak in zr364xx_start_readpipe

syzbot reported memory leak in zr364xx driver.
The problem was in non-freed urb in case of
usb_submit_urb() fail.

backtrace:
  [<ffffffff82baedf6>] kmalloc include/linux/slab.h:561 [inline]
  [<ffffffff82baedf6>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
  [<ffffffff82f7cce8>] zr364xx_start_readpipe+0x78/0x130 drivers/media/usb/zr364xx/zr364xx.c:1022
  [<ffffffff84251dfc>] zr364xx_board_init drivers/media/usb/zr364xx/zr364xx.c:1383 [inline]
  [<ffffffff84251dfc>] zr364xx_probe+0x6a3/0x851 drivers/media/usb/zr364xx/zr364xx.c:1516
  [<ffffffff82bb6507>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
  [<ffffffff826018a9>] really_probe+0x159/0x500 drivers/base/dd.c:576
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.32 < 4.4.276
LinuxLinux Kernel Version >= 4.5 < 4.9.276
LinuxLinux Kernel Version >= 4.10 < 4.14.240
LinuxLinux Kernel Version >= 4.15 < 4.19.198
LinuxLinux Kernel Version >= 4.20 < 5.4.133
LinuxLinux Kernel Version >= 5.5 < 5.10.51
LinuxLinux Kernel Version >= 5.11 < 5.12.18
LinuxLinux Kernel Version >= 5.13 < 5.13.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.154
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/021c294dff030f3ba38eb81e400ba123db32ecbc
Patch
https://git.kernel.org/stable/c/0a045eac8d0427b64577a24d74bb8347c905ac65
Patch
https://git.kernel.org/stable/c/0edd6759167295ea9969e89283b81017b4c688aa
Patch
https://git.kernel.org/stable/c/5f3f81f1c96b501d180021c23c25e9f48eaab235
Patch
https://git.kernel.org/stable/c/b0633051a6cb24186ff04ce1af99c7de18c1987e
Patch
https://git.kernel.org/stable/c/bbc80a972a3c5d7eba3f6c9c07af8fea42f5c513
Patch
https://git.kernel.org/stable/c/c57b2bd3247925e253729dce283d6bf6abc9339d
Patch
https://git.kernel.org/stable/c/c57bfd8000d7677bf435873b440eec0c47f73a08
Patch
https://git.kernel.org/stable/c/d69b39d89f362cfeeb54a68690768d0d257b2c8f
Patch