| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Mar 2024 10:16:47 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47171: net: usb: fix memory leak in smsc75xx_bind Description =========== In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728 The Linux kernel CVE team has assigned CVE-2021-47171 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.4.271 with commit 200dbfcad801 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.9.271 with commit 22c840596af0 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.14.235 with commit 9e6b8c1ff9d9 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.19.193 with commit 9e6a3eccb287 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.4.124 with commit b95fb96e6339 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.10.42 with commit 635ac38b3625 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.12.9 with commit 70c886ac93f8 Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.13 with commit 46a8b29c6306 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47171 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/usb/smsc75xx.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07 https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17 https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0 https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70
Powered by blists - more mailing lists