CVE-2021-47173 in Linuxinfo

Summary

by MITRE • 03/25/2024

In the Linux kernel, the following vulnerability has been resolved:

misc/uss720: fix memory leak in uss720_probe

uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev.

BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [] kmalloc include/linux/slab.h:554 [inline]
[] kzalloc include/linux/slab.h:684 [inline]
[] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
[] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
[] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
[] port_event drivers/usb/core/hub.c:5509 [inline]
[] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
[] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
[] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
[] kthread+0x178/0x1b0 kernel/kthread.c:292
[] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 08/04/2025

The vulnerability identified as CVE-2021-47173 represents a memory leak within the Linux kernel's USB subsystem, specifically affecting the uss720 driver module. This issue occurs during the probe phase of USB device initialization where the driver fails to properly manage reference counting for USB device objects. The uss720_probe function, responsible for initializing Universal Serial Bus devices, neglects to decrement the reference count of the usbdev structure, leading to a persistent memory leak that can accumulate over time and potentially impact system stability.

The technical flaw manifests in the improper handling of USB device reference counting mechanisms within the kernel's USB core infrastructure. When the uss720_probe function allocates and processes USB device structures, it correctly acquires references to these objects but fails to release them appropriately. This memory leak pattern follows the typical characteristics of a resource management error where allocated kernel memory remains unreleased despite the completion of the device initialization process. The vulnerability is categorized under CWE-404 as an improper resource management issue, specifically involving memory leaks in kernel space operations.

The operational impact of this vulnerability extends beyond simple memory consumption, as persistent memory leaks can degrade system performance and potentially lead to system instability or resource exhaustion. The leaked memory objects, identified as 2048-byte structures, accumulate in the kernel's memory space and can eventually contribute to memory pressure that affects other critical kernel operations. The leak occurs in the context of kworker threads processing USB events, indicating that the vulnerability is triggered during normal USB device connection and disconnection operations, making it particularly concerning for systems with frequent USB device interactions. This type of vulnerability can be leveraged by attackers to perform resource exhaustion attacks or to create persistent system instability that may be difficult to diagnose.

Mitigation strategies for this vulnerability require immediate kernel updates that implement the recommended fix of decrementing the usbdev reference count using the usb_put_dev function. System administrators should prioritize applying the patched kernel version as soon as possible, particularly in production environments where USB device usage is frequent. The fix aligns with established kernel development practices for proper resource management and adheres to the ATT&CK framework's concept of privilege escalation through resource exhaustion attacks. Additionally, monitoring systems should be implemented to track memory usage patterns and detect potential memory leak accumulation, as this vulnerability may not be immediately apparent in normal system operation. Regular kernel updates and security audits of USB subsystem components remain essential practices to prevent similar issues from emerging in other kernel modules or drivers.

Reservation

03/25/2024

Disclosure

03/25/2024

Moderation

accepted

CPE

ready

EPSS

0.00226

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!