CVE-2021-47539 rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()

2024-05-2415:09:46

Linux

github.com

vulnerability resolved

rxrpc_peer leak

function abstract

linux kernel

AI Score

Confidence

Low

EPSS

Percentile

15.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()

Need to call rxrpc_put_peer() for bundle candidate before kfree() as it
holds a ref to rxrpc_peer.

[DH: v2: Changed to abstract out the bundle freeing code into a function]

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "245500d853e9",
        "lessThan": "35b40f724c4e",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "245500d853e9",
        "lessThan": "bc97458620e3",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "245500d853e9",
        "lessThan": "ca77fba82135",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "net/rxrpc/conn_client.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.10"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.10",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.10.84",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.15.7",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "5.16",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "net/rxrpc/conn_client.c"
    ],
    "defaultStatus": "affected"
  }
]