CVE-2021-47236: net: cdc_eem: fix tx fixup skb leak
In the Linux kernel, the following vulnerability has been resolved:
net: cdc_eem: fix tx fixup skb leak
The Linux kernel CVE team has assigned CVE-2021-47236 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47236-c679@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net: cdc_eem: fix tx fixup skb leak
When usbnet transmits an skb, eem fixes it up in eem_tx_fixup(); if skb_copy_expand() fails, it returns NULL and usbnet_start_xmit() has no chance to free the original skb.
Fix it by freeing the original skb in eem_tx_fixup() first, then checking the skb clone status; if it failed, return NULL to usbnet.
— NVD
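The ownership bug described above can be reproduced in a userspace model. This is an added example, not the kernel patch or code from the advisory: `struct buf`, `buf_copy_expand()`, `fixup_leaky()`, `fixup_fixed()` and `xmit()` are hypothetical stand-ins for the skb, `skb_copy_expand()`, the pre-fix and post-fix `eem_tx_fixup()`, and `usbnet_start_xmit()`, and the buffer sizes and the fault injection are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model: struct buf stands in for an skb; all names are hypothetical. */
struct buf { size_t len; unsigned char *data; };
static int live_bufs, fail_next_copy; /* outstanding buffers; constructed fault injection */
static struct buf *buf_alloc(size_t len) {
    struct buf *b = malloc(sizeof(*b));
    if (b && !(b->data = calloc(1, len))) { free(b); b = NULL; }
    if (b) { b->len = len; live_bufs++; }
    return b;
}
static void buf_free(struct buf *b) {
    if (!b) return;
    free(b->data); free(b); live_bufs--;
}
/* Stand-in for skb_copy_expand(): an enlarged copy, or NULL on failure. */
static struct buf *buf_copy_expand(const struct buf *src, size_t extra) {
    if (fail_next_copy) { fail_next_copy = 0; return NULL; }
    struct buf *dst = buf_alloc(src->len + extra);
    if (dst) memcpy(dst->data, src->data, src->len);
    return dst;
}
/* Before the fix: a failed copy returns NULL and nobody frees the original. */
static struct buf *fixup_leaky(struct buf *orig) {
    struct buf *copy = buf_copy_expand(orig, 8);
    if (!copy) return NULL;
    buf_free(orig);
    return copy;
}
/* After the fix: free the original first, then report the copy status. */
static struct buf *fixup_fixed(struct buf *orig) {
    struct buf *copy = buf_copy_expand(orig, 8);
    buf_free(orig);
    return copy;
}
/* Stand-in for the caller: after a NULL return it cannot free the original. */
static int xmit(struct buf *(*fixup)(struct buf *), int inject_failure) {
    struct buf *b = buf_alloc(64);
    if (!b) return -1;
    fail_next_copy = inject_failure;
    buf_free(fixup(b)); /* "send" the result; buf_free(NULL) is a no-op */
    return live_bufs;   /* buffers still outstanding */
}
int main(void) {
    int fixed = xmit(fixup_fixed, 1);
    printf("fixed=%d leaky=%d\n", fixed, xmit(fixup_leaky, 1));
    return 0;
}
```

Each failed copy in the pre-fix path leaves one buffer outstanding, which is why repeated allocation failures on the transmit path add up to memory exhaustion.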
Linux Kernel is vulnerable to a denial of service, caused by an error related to tx fixup skb leak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2021-47236?
CVE-2021-47236 has been classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2021-47236?
To fix CVE-2021-47236, upgrade your Linux kernel to versions 4.4.274, 4.9.274, 4.14.238, 4.19.196, 5.4.128, 5.10.46, 5.12.13, or 5.13.
Which systems are affected by CVE-2021-47236?
CVE-2021-47236 affects multiple versions of the Linux kernel and IBM Security Verify Governance up to version 10.0.2.
What components are impacted by CVE-2021-47236?
CVE-2021-47236 specifically impacts the net: cdc_eem component of the Linux kernel.
Is CVE-2021-47236 being actively exploited?
As of now, there is no public indication that CVE-2021-47236 is being actively exploited in the wild.