CVE-2021-46924

CVSS v3.1 5.5 (Medium)
EPSS 0.04 % (5th)
Affected Products 1
Advisories 13

In the Linux kernel, the following vulnerability has been resolved:

NFC: st21nfca: Fix memory leak in device probe and remove

'phy->pending_skb' is allocated at device probe, but it is never freed
in the error handling path or the remove path, which causes a memory leak
as follows:

unreferenced object 0xffff88800bc06800 (size 512):
  comm "8", pid 11775, jiffies 4295159829 (age 9.032s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450
    [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0
    [<000000005fea522c>] __alloc_skb+0x124/0x380
    [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2

Fix it by freeing 'pending_skb' in error and remove.
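
The leak pattern described above, as an added userspace illustration in C. It is not the st21nfca driver's code or the upstream patch: `calloc` stands in for the skb allocation, the `live_allocs` counter stands in for kmemleak, and every name except `pending_skb` (`buf_alloc`, `later_step`, `probe_leaky`, `probe_fixed`, `remove_fixed`) is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;                    /* outstanding buffers; stands in for kmemleak */
struct phy { void *pending_skb; };         /* field name taken from the advisory */

static void *buf_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void buf_free(void *p) { if (p) { live_allocs--; free(p); } }
static int later_step(int fail) { return fail ? -1 : 0; }  /* hypothetical later probe step */

/* Pattern from the description: the error path returns without freeing. */
static int probe_leaky(struct phy *phy, int fail)
{
    phy->pending_skb = buf_alloc(512);
    if (!phy->pending_skb)
        return -1;
    return later_step(fail);               /* on failure pending_skb is never released */
}

/* Corrected pattern: the error path releases what probe allocated. */
static int probe_fixed(struct phy *phy, int fail)
{
    int r;
    phy->pending_skb = buf_alloc(512);
    if (!phy->pending_skb)
        return -1;
    r = later_step(fail);
    if (r) {
        buf_free(phy->pending_skb);
        phy->pending_skb = NULL;
    }
    return r;
}

/* Remove path: must free the buffer that a successful probe left behind. */
static void remove_fixed(struct phy *phy) { buf_free(phy->pending_skb); phy->pending_skb = NULL; }

/* Returns the number of buffers still allocated after a forced probe failure. */
static int leaked_after_failed_probe(int (*probe)(struct phy *, int))
{
    struct phy phy = { 0 };
    int n;
    live_allocs = 0;
    probe(&phy, 1);
    n = live_allocs;
    free(phy.pending_skb);                 /* tidy up the demo itself */
    return n;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaked_after_failed_probe(probe_leaky), leaked_after_failed_probe(probe_fixed)); return 0; }
```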

Weaknesses
CWE-401
Missing Release of Memory after Effective Lifetime
CVE Status
PUBLISHED
CNA
kernel.org
Published Date
2024-02-27 10:15:07
(6 months ago)
Updated Date
2024-04-10 15:23:33
(5 months ago)

Affected Products


Configuration #1

    Product                                                       CPE23                           From        Up To
    Linux Kernel from 3.16.0 version and prior 4.14.261 version   cpe:2.3:o:linux:linux_kernel    >= 3.16.0   < 4.14.261
    Linux Kernel from 4.15.0 version and prior 4.19.224 version   cpe:2.3:o:linux:linux_kernel    >= 4.15.0   < 4.19.224
    Linux Kernel from 4.20.0 version and prior 5.4.170 version    cpe:2.3:o:linux:linux_kernel    >= 4.20.0   < 5.4.170
    Linux Kernel from 5.5.0 version and prior 5.10.90 version     cpe:2.3:o:linux:linux_kernel    >= 5.5.0    < 5.10.90
    Linux Kernel from 5.11.0 version and prior 5.15.13 version    cpe:2.3:o:linux:linux_kernel    >= 5.11.0   < 5.15.13