CVE-2021-47250

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47250
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47250.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47250
Related
Published
2024-05-21T15:15:13Z
Modified
2024-09-11T02:00:04Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ipv4: fix memory leak in netlblcipsov4add_std

Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline] [<00000000e67ed558>] netlblcipsov4addstd net/netlabel/netlabelcipsov4.c:145 [inline] [<00000000e67ed558>] netlblcipsov4add+0x390/0x2340 net/netlabel/netlabelcipsov4.c:416 [<0000000006040154>] genlfamilyrcvmsgdoit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genlfamilyrcvmsg net/netlink/genetlink.c:783 [inline] [<00000000204d7a1c>] genlrcvmsg+0x2bf/0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlinkrcvskb+0x134/0x3d0 net/netlink/afnetlink.c:2504 [<00000000d78b9d2c>] genlrcv+0x24/0x40 net/netlink/genetlink.c:811 [<000000009733081b>] netlinkunicastkernel net/netlink/afnetlink.c:1314 [inline] [<000000009733081b>] netlinkunicast+0x4a0/0x6a0 net/netlink/afnetlink.c:1340 [<00000000d5fd43b8>] netlinksendmsg+0x789/0xc70 net/netlink/afnetlink.c:1929 [<000000000a2d1e40>] socksendmsgnosec net/socket.c:654 [inline] [<000000000a2d1e40>] socksendmsg+0x139/0x170 net/socket.c:674 [<00000000321d1969>] _syssendmsg+0x658/0x7d0 net/socket.c:2350 [<00000000964e16bc>] syssendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] _syssendmsg+0xd3/0x190 net/socket.c:2433 [<000000004ee8b6a5>] dosyscall64+0x37/0x90 arch/x86/entry/common.c:47 [<00000000171c7cee>] entrySYSCALL64afterhwframe+0x44/0xae

The memory of doidef->map.std pointing is allocated in netlblcipsov4addstd, but no place has freed it. It should be freed in cipsov4doi_free which frees the cipso DOI resource.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}