Linux Kernel up to 5.15.12 st21nfca phy->pending_skb memory leak

Summaryinfo

A vulnerability was found in Linux Kernel up to 5.15.12. It has been declared as problematic. The affected element is the function phy->pending_skb of the component st21nfca. Such manipulation leads to memory leak. This vulnerability is documented as CVE-2021-46924. There is not any exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.15.12 (Operating System) and classified as problematic. Affected by this issue is the function phy->pending_skb of the component st21nfca. The manipulation with an unknown input leads to a memory leak vulnerability. Using CWE to declare the problem leads to CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Impacted is availability. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unreferenced object 0xffff88800bc06800 (size 512): comm "8", pid 11775, jiffies 4295159829 (age 9.032s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __kmalloc_node_track_caller+0x1ed/0x450 [] kmalloc_reserve+0x37/0xd0 [] __alloc_skb+0x124/0x380 [] st21nfca_hci_i2c_probe+0x170/0x8f2 Fix it by freeing 'pending_skb' in error and remove.

The weakness was released 02/27/2024. The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2021-46924 since 02/25/2024. There are known technical details, but no exploit is available.

Upgrading to version 4.14.261, 4.19.224, 5.4.170, 5.10.90, 5.15.13 or 5.16 eliminates this vulnerability. Applying the patch 38c3e320e7ff/a1e0080a35a1/1cd4063dbc91/e553265ea564/238920381b89/1b9dadba5022 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 4.14.260
• 4.19.223
• 5.0
• 5.1
• 5.2
• 5.3
• 5.4
• 5.4.169
• 5.5
• 5.6
• 5.7
• 5.8
• 5.9
• 5.10
• 5.10.0
• 5.10.1
• 5.10.2
• 5.10.3
• 5.10.4
• 5.10.5
• 5.10.6
• 5.10.7
• 5.10.8
• 5.10.9
• 5.10.10
• 5.10.11
• 5.10.12
• 5.10.13
• 5.10.14
• 5.10.15
• 5.10.16
• 5.10.17
• 5.10.18
• 5.10.19
• 5.10.20
• 5.10.21
• 5.10.22
• 5.10.23
• 5.10.24
• 5.10.25
• 5.10.26
• 5.10.27
• 5.10.28
• 5.10.29
• 5.10.30
• 5.10.31
• 5.10.32
• 5.10.33
• 5.10.34
• 5.10.35
• 5.10.36
• 5.10.37
• 5.10.38
• 5.10.39
• 5.10.40
• 5.10.41
• 5.10.42
• 5.10.43
• 5.10.44
• 5.10.45
• 5.10.46
• 5.10.47
• 5.10.48
• 5.10.49
• 5.10.50
• 5.10.51
• 5.10.52
• 5.10.53
• 5.10.54
• 5.10.55
• 5.10.56
• 5.10.57
• 5.10.58
• 5.10.59
• 5.10.60
• 5.10.61
• 5.10.62
• 5.10.63
• 5.10.64
• 5.10.65
• 5.10.66
• 5.10.67
• 5.10.68
• 5.10.69
• 5.10.70
• 5.10.71
• 5.10.72
• 5.10.73
• 5.10.74
• 5.10.75
• 5.10.76
• 5.10.77
• 5.10.78
• 5.10.79
• 5.10.80
• 5.10.81
• 5.10.82
• 5.10.83
• 5.10.84
• 5.10.85
• 5.10.86
• 5.10.87
• 5.10.88
• 5.10.89
• 5.11
• 5.12
• 5.13
• 5.14
• 5.15
• 5.15.0
• 5.15.1
• 5.15.2
• 5.15.3
• 5.15.4
• 5.15.5
• 5.15.6
• 5.15.7
• 5.15.8
• 5.15.9
• 5.15.10
• 5.15.11
• 5.15.12

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion