CVE-2021-47020

In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at this time. This patch frees slave runtime in the config error path to fix the memory leak.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88	Patch
https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80	Patch
https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f	Patch
https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a	Patch
https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002	Patch
https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea	Patch
https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88	Patch
https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80	Patch
https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f	Patch
https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a	Patch
https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002	Patch
https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-02-29 23:15

Updated : 2024-12-10 17:03

NVD link : CVE-2021-47020

Mitre link : CVE-2021-47020

CVE.ORG link : CVE-2021-47020

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2021-47020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-29T23:15:07.357", "references": [{"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: stream: corrige la p\u00e9rdida de memoria en la ruta de error de configuraci\u00f3n de stream Cuando falla la configuraci\u00f3n de stream, el tiempo de ejecuci\u00f3n maestro liberar\u00e1 todo el tiempo de ejecuci\u00f3n esclavo en Slave_rt_list, pero el tiempo de ejecuci\u00f3n esclavo no se agrega a la lista. en este momento. Este parche libera el tiempo de ejecuci\u00f3n esclavo en la ruta del error de configuraci\u00f3n para corregir la p\u00e9rdida de memoria."}], "lastModified": "2024-12-10T17:03:24.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5BE6B8-83E1-489C-BEB7-8A966A4E0E2C", "versionEndExcluding": "4.19.191", "versionStartIncluding": "4.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07BA880-1043-4674-AC45-266B3B4A44C7", "versionEndExcluding": "5.4.119", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E", "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}