DEBIAN-CVE-2021-47249
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-47249
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47249.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-47249
- Upstream
- Published
- 2024-05-21T15:15:13Z
- Modified
- 2025-09-19T06:09:01Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rdsrecvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rdsrecvmsg(struct socket *sock, struct msghdr *msg, sizet size, int msgflags) { ... if (!rdsnextincoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rdscmsgrecv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rdscmsgrecv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rdsincaddref() don't have rdsincput() pair in rdsrecvmsg() after rdscmsgrecv() 1) | rdsrecvmsg() { 1) 3.721 us | rdsincaddref(); 1) 3.853 us | rdsmessageinccopytouser(); 1) + 10.395 us | rdscmsg_recv(); 1) + 34.260 us | }
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source