CVE-2021-47519

Published: May 24, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_read_fifo: fix memory leak in error branch In m_can_read_fifo(), if the second call to m_can_fifo_read() fails, the function jump to the out_fail label and returns without calling m_can_receive_skb(). This means that the skb previously allocated by alloc_can_skb() is not freed. In other terms, this is a memory leak. This patch adds a goto label to destroy the skb if an error occurs. Issue was found with GCC -fanalyzer, please follow the link below for details.

Affected (1)

Products: Linux: Linux Kernel

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.15 to 5.15.8

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.