In the Linux kernel, the following vulnerability has been resolved:
NFC: st21nfca: Fix memory leak in device probe and remove
‘phy->pending_skb’ is alloced when device probe, but forgot to free
in the error handling path and remove path, this cause memory leak
as follows:
unreferenced object 0xffff88800bc06800 (size 512):
comm “8”, pid 11775, jiffies 4295159829 (age 9.032s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …
backtrace:
[<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450
[<00000000c93382b3>] kmalloc_reserve+0x37/0xd0
[<000000005fea522c>] __alloc_skb+0x124/0x380
[<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2
Fix it by freeing ‘pending_skb’ in error and remove.
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "68957303f44a",
"lessThan": "38c3e320e7ff",
"versionType": "git"
},
{
"status": "affected",
"version": "68957303f44a",
"lessThan": "a1e0080a35a1",
"versionType": "git"
},
{
"status": "affected",
"version": "68957303f44a",
"lessThan": "1cd4063dbc91",
"versionType": "git"
},
{
"status": "affected",
"version": "68957303f44a",
"lessThan": "e553265ea564",
"versionType": "git"
},
{
"status": "affected",
"version": "68957303f44a",
"lessThan": "238920381b89",
"versionType": "git"
},
{
"status": "affected",
"version": "68957303f44a",
"lessThan": "1b9dadba5022",
"versionType": "git"
}
],
"programFiles": [
"drivers/nfc/st21nfca/i2c.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"status": "unaffected",
"version": "0",
"lessThan": "3.16",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.14.261",
"versionType": "custom",
"lessThanOrEqual": "4.14.*"
},
{
"status": "unaffected",
"version": "4.19.224",
"versionType": "custom",
"lessThanOrEqual": "4.19.*"
},
{
"status": "unaffected",
"version": "5.4.170",
"versionType": "custom",
"lessThanOrEqual": "5.4.*"
},
{
"status": "unaffected",
"version": "5.10.90",
"versionType": "custom",
"lessThanOrEqual": "5.10.*"
},
{
"status": "unaffected",
"version": "5.15.13",
"versionType": "custom",
"lessThanOrEqual": "5.15.*"
},
{
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"drivers/nfc/st21nfca/i2c.c"
],
"defaultStatus": "affected"
}
]
git.kernel.org/stable/c/1b9dadba502234eea7244879b8d5d126bfaf9f0c
git.kernel.org/stable/c/1cd4063dbc91cf7965d73a6a3855e2028cd4613b
git.kernel.org/stable/c/238920381b8925d070d32d73cd9ce52ab29896fe
git.kernel.org/stable/c/38c3e320e7ff46f2dc67bc5045333e63d9f8918d
git.kernel.org/stable/c/a1e0080a35a16ce3808f7040fe0c3a8fdb052349
git.kernel.org/stable/c/e553265ea56482da5700f56319fda9ff53e7dcb4