CVE-2021-47237

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47237
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47237.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47237
Related
Published
2024-05-21T15:15:12Z
Modified
2024-09-18T01:00:22Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hamradio: fix memory leak in mkiss_close

My local syzbot instance hit memory leak in mkissopen()[1]. The problem was in missing freenetdev() in mkiss_close().

In mkissopen() netdevice is allocated and then registered, but in mkissclose() netdevice was only unregistered, but not freed.

Fail log:

BUG: memory leak unreferenced object 0xffff8880281ba000 (size 4096): comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s) hex dump (first 32 bytes): 61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0............. 00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .'.*............ backtrace: [<ffffffff81a27201>] kvmallocnode+0x61/0xf0 [<ffffffff8706e7e8>] allocnetdevmqs+0x98/0xe80 [<ffffffff84e64192>] mkissopen+0xb2/0x6f0 [1] [<ffffffff842355db>] ttyldiscopen+0x9b/0x110 [<ffffffff84236488>] ttysetldisc+0x2e8/0x670 [<ffffffff8421f7f3>] ttyioctl+0xda3/0x1440 [<ffffffff81c9f273>] _x64sysioctl+0x193/0x200 [<ffffffff8911263a>] dosyscall64+0x3a/0xb0 [<ffffffff89200068>] entrySYSCALL64afterhwframe+0x44/0xae

BUG: memory leak unreferenced object 0xffff8880141a9a00 (size 96): comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s) hex dump (first 32 bytes): e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(.... 98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@.......... backtrace: [<ffffffff8709f68b>] _hwaddrcreateex+0x5b/0x310 [<ffffffff8709fb38>] _hwaddraddex+0x1f8/0x2b0 [<ffffffff870a0c7b>] devaddrinit+0x10b/0x1f0 [<ffffffff8706e88b>] allocnetdevmqs+0x13b/0xe80 [<ffffffff84e64192>] mkissopen+0xb2/0x6f0 [1] [<ffffffff842355db>] ttyldiscopen+0x9b/0x110 [<ffffffff84236488>] ttysetldisc+0x2e8/0x670 [<ffffffff8421f7f3>] ttyioctl+0xda3/0x1440 [<ffffffff81c9f273>] _x64sysioctl+0x193/0x200 [<ffffffff8911263a>] dosyscall64+0x3a/0xb0 [<ffffffff89200068>] entrySYSCALL64after_hwframe+0x44/0xae

BUG: memory leak unreferenced object 0xffff8880219bfc00 (size 512): comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s) hex dump (first 32 bytes): 00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff ...(............ 80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff81a27201>] kvmallocnode+0x61/0xf0 [<ffffffff8706eec7>] allocnetdevmqs+0x777/0xe80 [<ffffffff84e64192>] mkissopen+0xb2/0x6f0 [1] [<ffffffff842355db>] ttyldiscopen+0x9b/0x110 [<ffffffff84236488>] ttysetldisc+0x2e8/0x670 [<ffffffff8421f7f3>] ttyioctl+0xda3/0x1440 [<ffffffff81c9f273>] _x64sysioctl+0x193/0x200 [<ffffffff8911263a>] dosyscall64+0x3a/0xb0 [<ffffffff89200068>] entrySYSCALL64afterhwframe+0x44/0xae

BUG: memory leak unreferenced object 0xffff888029b2b200 (size 256): comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff81a27201>] kvmallocnode+0x61/0xf0 [<ffffffff8706f062>] allocnetdevmqs+0x912/0xe80 [<ffffffff84e64192>] mkissopen+0xb2/0x6f0 [1] [<ffffffff842355db>] ttyldiscopen+0x9b/0x110 [<ffffffff84236488>] ttysetldisc+0x2e8/0x670 [<ffffffff8421f7f3>] ttyioctl+0xda3/0x1440 [<ffffffff81c9f273>] _x64sysioctl+0x193/0x200 [<ffffffff8911263a>] dosyscall64+0x3a/0xb0 [<ffffffff89200068>] entrySYSCALL64afterhwframe+0x44/0xae

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}