CVE-2021-47171: net: usb: fix memory leak in smsc75xx_bind
In the Linux kernel, the following vulnerability has been resolved:
net: usb: fix memory leak in smsc75xx_bind
Syzbot reported memory leak in smsc75xx_bind(). The problem was non-freed memory in case of errors after memory allocation.
backtrace:
  [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
  [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
  [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
  [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
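The error-path leak described above, as a simplified user-space model (an added example, not the kernel's smsc75xx code and not the upstream patch). All type and function names are hypothetical, and a counter of outstanding allocations stands in for the kernel's leak detector.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* User-space model of the leak pattern; every name here is hypothetical. */
struct model_priv { int rx_flags; };
struct model_dev { struct model_priv *priv; int fail_step; };
static int live_allocs;                 /* private blocks not yet freed */
static void *counted_zalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void counted_free(void *p) { if (p) { live_allocs--; free(p); } }
/* Stand-in for a device init step; fails when fail_step selects it. */
static int init_step(const struct model_dev *d, int step) { return d->fail_step == step ? -EIO : 0; }

/* Before: error returns after the allocation skip the free. */
static int bind_leaky(struct model_dev *dev)
{
    int ret;
    if (!(dev->priv = counted_zalloc(sizeof(*dev->priv)))) return -ENOMEM;
    if ((ret = init_step(dev, 1)) < 0) return ret;   /* priv leaked */
    if ((ret = init_step(dev, 2)) < 0) return ret;   /* priv leaked */
    return 0;
}

/* After: every failure past the allocation unwinds through one label. */
static int bind_fixed(struct model_dev *dev)
{
    int ret;
    if (!(dev->priv = counted_zalloc(sizeof(*dev->priv)))) return -ENOMEM;
    if ((ret = init_step(dev, 1)) < 0) goto free_priv;
    if ((ret = init_step(dev, 2)) < 0) goto free_priv;
    return 0;
free_priv:
    counted_free(dev->priv);
    dev->priv = NULL;                   /* no dangling pointer left behind */
    return ret;
}

/* Bind with a failure injected at fail_step (0 = none); return blocks leaked. */
static int leaked_after(int (*bind)(struct model_dev *), int fail_step)
{
    struct model_dev dev = { NULL, fail_step };
    int before = live_allocs;
    if (bind(&dev) == 0) counted_free(dev.priv);     /* models unbind on success */
    return live_allocs - before;
}
int main(void)
{
    for (int s = 0; s <= 2; s++)
        printf("fail_step=%d leaky=%d fixed=%d\n", s, leaked_after(bind_leaky, s), leaked_after(bind_fixed, s));
    return 0;
}
```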
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net: usb: fix memory leak in smsc75xx_bind
The Linux kernel CVE team has assigned CVE-2021-47171 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024032536-CVE-2021-47171-f223@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a memory leak in smsc75xx_bind. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2021-47171?
CVE-2021-47171 is classified as a medium severity vulnerability due to the risk of memory leak.
How do I fix CVE-2021-47171?
To fix CVE-2021-47171, you should update to the patched kernel versions: 4.4.271, 4.9.271, 4.14.235, 4.19.193, 5.4.124, 5.10.42, 5.12.9, or 5.13.
What causes CVE-2021-47171?
CVE-2021-47171 is caused by a memory leak in the smsc75xx_bind function due to non-freed memory during error conditions after allocation.
Which systems are affected by CVE-2021-47171?
CVE-2021-47171 affects various versions of the Linux kernel ranging from 2.6.34 up to 5.13.
Is CVE-2021-47171 remotely exploitable?
CVE-2021-47171 does not have direct indications of remote exploitation, but memory leaks can lead to degraded performance and stability.