CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
In the Linux kernel, the following vulnerability has been resolved: NFC:
st21nfca: Fix memory leak in device probe and remove ‘phy->pending_skb’ is
alloced when device probe, but forgot to free in the error handling path
and remove path, this cause memory leak as follows: unreferenced object
0xffff88800bc06800 (size 512): comm “8”, pid 11775, jiffies 4295159829 (age
9.032s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 … 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
… backtrace: [<00000000d66c09ce>]
__kmalloc_node_track_caller+0x1ed/0x450 [<00000000c93382b3>]
kmalloc_reserve+0x37/0xd0 [<000000005fea522c>] __alloc_skb+0x124/0x380
[<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2 Fix it by freeing
‘pending_skb’ in error and remove.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < any | UNKNOWN |
git.kernel.org/linus/1b9dadba502234eea7244879b8d5d126bfaf9f0c (5.16-rc8)
git.kernel.org/stable/c/1b9dadba502234eea7244879b8d5d126bfaf9f0c
git.kernel.org/stable/c/1cd4063dbc91cf7965d73a6a3855e2028cd4613b
git.kernel.org/stable/c/238920381b8925d070d32d73cd9ce52ab29896fe
git.kernel.org/stable/c/38c3e320e7ff46f2dc67bc5045333e63d9f8918d
git.kernel.org/stable/c/a1e0080a35a16ce3808f7040fe0c3a8fdb052349
git.kernel.org/stable/c/e553265ea56482da5700f56319fda9ff53e7dcb4
launchpad.net/bugs/cve/CVE-2021-46924
nvd.nist.gov/vuln/detail/CVE-2021-46924
security-tracker.debian.org/tracker/CVE-2021-46924
www.cve.org/CVERecord?id=CVE-2021-46924