In the Linux kernel, the following vulnerability has been resolved: HID:
amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory
leak in the amd_sfh driver. ==================== unreferenced object
0xffff88810228ada0 (size 32): comm “insmod”, pid 3968, jiffies 4295056001
(age 775.792s) hex dump (first 32 bytes): 00 20 73 1f 81 88 ff ff 00 01 00
00 00 00 ad de . s… 22 01 00 00 00 00 ad de 01 00 02 00 00 00
00 00 "… backtrace: [<000000007b4c8799>]
kmem_cache_alloc_trace+0x163/0x4f0 [<0000000005326893>]
amd_sfh_get_report+0xa4/0x1d0 [amd_sfh] [<000000002a9e5ec4>]
amdtp_hid_request+0x62/0x80 [amd_sfh] [<00000000b8a95807>]
sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub] [<00000000fda054ee>]
hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common]
[<0000000021279ecf>] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d]
[<00000000915760ce>] platform_probe+0x6a/0xd0 [<0000000060258a1f>]
really_probe+0x192/0x620 [<00000000fa812f2d>]
driver_probe_device+0x14a/0x1d0 [<000000005e79f7fd>]
__device_attach_driver+0xbd/0x110 [<0000000070d15018>]
bus_for_each_drv+0xfd/0x160 [<0000000013a3c312>]
__device_attach+0x18b/0x220 [<000000008c7b4afc>]
device_initial_probe+0x13/0x20 [<00000000e6e99665>]
bus_probe_device+0xfe/0x120 [<00000000833fa90b>] device_add+0x6a6/0xe00
[<00000000fa901078>] platform_device_add+0x180/0x380 ====================
The fix is to freeing request_list entry once the processed entry is
removed from the request_list.
Author | Note |
---|---|
sbeattie | introduced in 5.11, fixed in 5.13 |
git.kernel.org/linus/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1 (5.13-rc5)
git.kernel.org/stable/c/29beadea66a226d744d5ffdcde6b984623053d24
git.kernel.org/stable/c/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1
launchpad.net/bugs/cve/CVE-2021-47133
nvd.nist.gov/vuln/detail/CVE-2021-47133
security-tracker.debian.org/tracker/CVE-2021-47133
www.cve.org/CVERecord?id=CVE-2021-47133