In the Linux kernel, the following vulnerability has been resolved:
net: hamradio: fix memory leak in mkiss_close
My local syzbot instance hit a memory leak in mkiss_open() [1]. The problem was a missing free_netdev() call in mkiss_close().
In mkiss_open() the netdevice is allocated and then registered, but in mkiss_close() the netdevice was only unregistered, not freed.
Fail log:
BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00  ax0.............
    00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00  .'.*............
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff  ...(.......(....
    98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00  .....@..........
  backtrace:
    [<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
    [<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
    [<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
    [<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff  ...(............
    80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706eec7>] alloc_netdev_mqs+0x777/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706f062>] alloc_netdev_mqs+0x912/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47237.json"
[
{
"events": [
{
"introduced": "2.6.14"
},
{
"fixed": "4.4.274"
}
]
},
{
"events": [
{
"introduced": "4.5"
},
{
"fixed": "4.9.274"
}
]
},
{
"events": [
{
"introduced": "4.10"
},
{
"fixed": "4.14.238"
}
]
},
{
"events": [
{
"introduced": "4.15"
},
{
"fixed": "4.19.196"
}
]
},
{
"events": [
{
"introduced": "4.20"
},
{
"fixed": "5.4.128"
}
]
},
{
"events": [
{
"introduced": "5.5"
},
{
"fixed": "5.10.46"
}
]
},
{
"events": [
{
"introduced": "5.11"
},
{
"fixed": "5.12.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc6"
}
]
}
]