5.5

CVE-2021-47499

EPSS 0.01%
Veröffentlicht 24.05.2024 15:15:09
Zuletzt bearbeitet 06.01.2025 20:45:41
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove

When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the
memory allocated by iio_triggered_buffer_setup() will not be freed, and cause
memory leak as follows:

unreferenced object 0xffff888009551400 (size 512):
  comm "i2c-SMO8500-125", pid 911, jiffies 4294911787 (age 83.852s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 20 e2 e5 c0 ff ff ff ff  ........ .......
  backtrace:
    [<0000000041ce75ee>] kmem_cache_alloc_trace+0x16d/0x360
    [<000000000aeb17b0>] iio_kfifo_allocate+0x41/0x130 [kfifo_buf]
    [<000000004b40c1f5>] iio_triggered_buffer_setup_ext+0x2c/0x210 [industrialio_triggered_buffer]
    [<000000004375b15f>] kxcjk1013_probe+0x10c3/0x1d81 [kxcjk_1013]

Fix it by remove data->dready_trig condition in probe and remove.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.2 < 4.4.295

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.293

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.258

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.221

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.165

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.85

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.8

Linux ≫ Linux Kernel Version5.16 Updaterc1

Linux ≫ Linux Kernel Version5.16 Updaterc2

Linux ≫ Linux Kernel Version5.16 Updaterc3

Linux ≫ Linux Kernel Version5.16 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.015

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/14508fe13b1c578b3d2ba574f1d48b351975860c

Patch

https://git.kernel.org/stable/c/3899700ddacbf7aaafadf44464fff3ff0d4e3307

Patch

https://git.kernel.org/stable/c/60a55b9d91ba99eb8cf015bc46dc2de05e168a15

Patch

https://git.kernel.org/stable/c/70c9774e180d151abaab358108e3510a8e615215

Patch

https://git.kernel.org/stable/c/8c163a14277115ca962103910ab4cce55e862ffb

Patch

https://git.kernel.org/stable/c/8c1d43f3a3fc7184c42d7398bdf59a2a2903e4fc

Patch

https://git.kernel.org/stable/c/a3730f74159ad00a28960c0efe2a931fe6fe6b45

Patch

https://git.kernel.org/stable/c/ee86d0bad80bdcd11a87e188a596727f41b62320

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47499

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47499

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47499

EUVD