3.3

CVE-2021-47671

can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path

In the Linux kernel, the following vulnerability has been resolved:

can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path

In es58x_rx_err_msg(), if can->do_set_mode() fails, the function
directly returns without calling netif_rx(skb). This means that the
skb previously allocated by alloc_can_err_skb() is not freed. In other
terms, this is a memory leak.

This patch simply removes the return statement in the error branch and
let the function continue.

Issue was found with GCC -fanalyzer, please follow the link below for
details.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.13 < 5.14.19
LinuxLinux Kernel Version >= 5.15 < 5.15.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/4f389e1276a5389c92cef860c9fde8e1c802a871
Patch
https://git.kernel.org/stable/c/7eb0881aec26099089f12ae850aebd93190b1dfe
Patch
https://git.kernel.org/stable/c/d9447f768bc8c60623e4bb3ce65b8f4654d33a50
Patch