In the Linux kernel, the following vulnerability has been resolved:
net: rds: fix memory leak in rds_recvmsg
Syzbot reported a memory leak in rds. The problem was an unputted refcount in case of error.
int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
		int msg_flags)
{
	...
	if (!rds_next_incoming(rs, &inc)) {
		...
	}
After this "if" the inc refcount is incremented, and
	if (rds_cmsg_recv(inc, msg, rs)) {
		ret = -EFAULT;
		goto out;
	}
	...
out:
	return ret;
}
In case of rds_cmsg_recv() failure the refcount won't be decremented. And it's easy to see from the ftrace log that rds_inc_addref() doesn't have a rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv():
 1)               |  rds_recvmsg() {
 1)   3.721 us    |    rds_inc_addref();
 1)   3.853 us    |    rds_message_inc_copy_to_user();
 1) + 10.395 us   |    rds_cmsg_recv();
 1) + 34.260 us   |  }
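The bug class above is a reference taken early in a function and dropped only on the success path, so an early "goto out" on error leaks it. The following is an added, self-contained user-space illustration of that shape, not kernel code and not part of the commit: struct inc, inc_addref()/inc_put(), cmsg_recv(), recvmsg_leaky() and recvmsg_fixed() are assumed stand-ins for rds_incoming, rds_inc_addref()/rds_inc_put(), rds_cmsg_recv() and the two versions of rds_recvmsg(). The queue's own reference is modelled as the initial refcount of 1; the error path is triggered with a control-message buffer that is too small.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative stand-in for struct rds_incoming (assumed name, not kernel code):
 * a heap object whose lifetime is governed by a refcount. */
struct inc {
	int refcount;
	char payload[16];
};

static struct inc *inc_alloc(void)
{
	struct inc *inc = calloc(1, sizeof(*inc));
	if (!inc)
		return NULL;
	inc->refcount = 1;	/* the reference held by the receive queue */
	memcpy(inc->payload, "hello", 6);
	return inc;
}

static void inc_addref(struct inc *inc) { inc->refcount++; }

/* The last put would free the object in real code; here the memory is kept so
 * the driver below can still read the final count. */
static void inc_put(struct inc *inc) { inc->refcount--; }

/* Toy equivalent of rds_cmsg_recv(): fails when the caller's control-message
 * buffer is too small, which is the -EFAULT path in the commit message. */
static int cmsg_recv(const struct inc *inc, char *cmsg_buf, size_t cmsg_len)
{
	if (cmsg_len < sizeof(inc->payload))
		return -1;
	memcpy(cmsg_buf, inc->payload, sizeof(inc->payload));
	return 0;
}

/* Shape of the buggy function: the reference taken by inc_addref() is only
 * dropped on the success path, so a cmsg_recv() failure leaks it. */
static int recvmsg_leaky(struct inc *inc, char *cmsg_buf, size_t cmsg_len)
{
	int ret;

	inc_addref(inc);		/* we now own one reference */
	if (cmsg_recv(inc, cmsg_buf, cmsg_len)) {
		ret = -14;		/* -EFAULT */
		goto out;		/* BUG: skips inc_put() */
	}
	ret = (int)sizeof(inc->payload);
	inc_put(inc);
out:
	return ret;
}

/* Fixed shape: every exit after inc_addref() passes through the put. */
static int recvmsg_fixed(struct inc *inc, char *cmsg_buf, size_t cmsg_len)
{
	int ret;

	inc_addref(inc);
	if (cmsg_recv(inc, cmsg_buf, cmsg_len)) {
		ret = -14;		/* -EFAULT */
		goto out_put;
	}
	ret = (int)sizeof(inc->payload);
out_put:
	inc_put(inc);			/* balances inc_addref() on every path */
	return ret;
}

/* Run one receive with a cmsg buffer of cmsg_len bytes, then drop the queue's
 * own reference and report how many references are left on the object.
 * 0 means balanced; 1 means the receive leaked one reference. */
static int leaked_refs(int (*recv)(struct inc *, char *, size_t), size_t cmsg_len)
{
	struct inc *inc = inc_alloc();
	char buf[32];
	int left;

	if (!inc || cmsg_len > sizeof(buf))
		return -1;
	recv(inc, buf, cmsg_len);
	inc_put(inc);			/* the receive queue lets go of it */
	left = inc->refcount;
	free(inc);
	return left;
}

int main(void)
{
	printf("leaky, error path:   %d ref(s) left\n", leaked_refs(recvmsg_leaky, 4));
	printf("leaky, success path: %d ref(s) left\n", leaked_refs(recvmsg_leaky, 32));
	printf("fixed, error path:   %d ref(s) left\n", leaked_refs(recvmsg_fixed, 4));
	printf("fixed, success path: %d ref(s) left\n", leaked_refs(recvmsg_fixed, 32));
	return 0;
}
```

The single-exit form of recvmsg_fixed() is the usual kernel idiom for this: once a reference (or lock, or allocation) is acquired, every later error label must sit below the matching release, so a new early return cannot reintroduce the leak. A refcount that never returns to zero is exactly what kmemleak or syzbot's leak detector reports, and the ftrace pairing check above (one rds_inc_addref() with no rds_inc_put() in the same call) is a quick way to confirm which path is unbalanced.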
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47249.json"
[
{
"events": [
{
"introduced": "2.6.30"
},
{
"fixed": "4.4.274"
}
]
},
{
"events": [
{
"introduced": "4.5"
},
{
"fixed": "4.9.274"
}
]
},
{
"events": [
{
"introduced": "4.10"
},
{
"fixed": "4.14.238"
}
]
},
{
"events": [
{
"introduced": "4.15"
},
{
"fixed": "4.19.196"
}
]
},
{
"events": [
{
"introduced": "4.20"
},
{
"fixed": "5.4.128"
}
]
},
{
"events": [
{
"introduced": "5.5"
},
{
"fixed": "5.10.46"
}
]
},
{
"events": [
{
"introduced": "5.11"
},
{
"fixed": "5.12.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc6"
}
]
}
]