CVE-2021-47250

2024-05-2100:00:00

ubuntu.com

linux kernel

memory leak

netlbl_cipsov4_add_std

vulnerability

netlbl_cipsov4_add_std

syzkaller

cve-2021-47250

bug

backtrace

kmalloc

kzalloc

netlink

genl_family_rcv_msg_doit

genl_rcv_msg

netlink_rcv_skb

genl_rcv

netlink_unicast_kernel

netlink_unicast

netlink_sendmsg

sock_sendmsg_nosec

____sys_sendmsg

__sys_sendmsg

do_syscall_64

entry_syscall_64_after_hwframe

AI Score

6.6

Confidence

High

EPSS

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved: net:
ipv4: fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG:
memory leak unreferenced object 0xffff888105df7000 (size 64): comm
“syz-executor842”, pid 360, jiffies 4294824824 (age 22.546s) hex dump
(first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
… 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
… backtrace: [<00000000e67ed558>] kmalloc
include/linux/slab.h:590 [inline] [<00000000e67ed558>] kzalloc
include/linux/slab.h:720 [inline] [<00000000e67ed558>]
netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline]
[<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340
net/netlabel/netlabel_cipso_v4.c:416 [<0000000006040154>]
genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739
[<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783
[inline] [<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0
net/netlink/genetlink.c:800 [<00000000c0d6a995>]
netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504
[<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
[<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314
[inline] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0
net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>]
netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929
[<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674
[<00000000321d1969>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350
[<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404
[<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433
[<000000004ee8b6a5>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47
[<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae The memory of
doi_def->map.std pointing is allocated in netlbl_cipsov4_add_std, but no
place has freed it. It should be freed in cipso_v4_doi_free which frees the
cipso DOI resource.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu16.04noarchlinux-aws-hwe< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu14.04noarchlinux-azure< anyUNKNOWN
ubuntu16.04noarchlinux-azure< anyUNKNOWN
ubuntu18.04noarchlinux-azure-4.15< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	16.04	noarch	linux-aws-hwe	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	14.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	16.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	18.04	noarch	linux-azure-4.15	< any	UNKNOWN