CVE-2021-47455

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47455
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47455.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47455
Downstream
Related
Published
2024-05-22T07:15:10Z
Modified
2025-08-28T15:15:37Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ptp: Fix possible memory leak in ptpclockregister()

I got memory leak as follows when doing fault injection test:

unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s) hex dump (first 8 bytes): 70 74 70 30 00 00 00 00 ptp0.... backtrace: [<00000000312ed458>] _kmalloctrackcaller+0x19f/0x3a0 [<0000000079f6e2ff>] kvasprintf+0xb5/0x150 [<0000000026aae54f>] kvasprintfconst+0x60/0x190 [<00000000f323a5f7>] kobjectsetnamevargs+0x56/0x150 [<000000004e35abdd>] devsetname+0xc0/0x100 [<00000000f20cfe25>] ptpclockregister+0x9f4/0xd30 [ptp] [<000000008bb9f0de>] idt82p33probe.cold+0x8b6/0x1561 [ptp_idt82p33]

When posixclockregister() returns an error, the name allocated in devsetname() will be leaked, the putdevice() should be used to give up the device reference, then the name will be freed in kobjectcleanup() and other memory will be freed in ptpclockrelease().

References

Affected packages