{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47237","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-04-10T18:59:19.531Z","datePublished":"2024-05-21T14:19:38.396Z","dateUpdated":"2025-05-04T07:06:54.347Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:06:54.347Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hamradio: fix memory leak in mkiss_close\n\nMy local syzbot instance hit memory leak in\nmkiss_open()[1]. The problem was in missing\nfree_netdev() in mkiss_close().\n\nIn mkiss_open() netdevice is allocated and then\nregistered, but in mkiss_close() netdevice was\nonly unregistered, but not freed.\n\nFail log:\n\nBUG: memory leak\nunreferenced object 0xffff8880281ba000 (size 4096):\n  comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n  hex dump (first 32 bytes):\n    61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00  ax0.............\n    00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00  .'.*............\n  backtrace:\n    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0\n    [<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80\n    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]\n    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110\n    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670\n    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440\n    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200\n    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0\n    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff8880141a9a00 (size 96):\n  comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n  hex dump (first 32 bytes):\n    e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff  ...(.......(....\n    98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00  .....@..........\n  backtrace:\n    [<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310\n    [<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0\n    [<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0\n    [<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80\n    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]\n    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110\n    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670\n    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440\n    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200\n    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0\n    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff8880219bfc00 (size 512):\n  comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n  hex dump (first 32 bytes):\n    00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff  ...(............\n    80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0\n    [<ffffffff8706eec7>] alloc_netdev_mqs+0x777/0xe80\n    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]\n    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110\n    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670\n    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440\n    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200\n    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0\n    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff888029b2b200 (size 256):\n  comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0\n    [<ffffffff8706f062>] alloc_netdev_mqs+0x912/0xe80\n    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]\n    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110\n    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670\n    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440\n    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200\n    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0\n    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/hamradio/mkiss.c"],"versions":[{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"c634ba0b4159838ff45a60d3a0ace3b4118077a5","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"3942d0f9ace1a95a74930b5b4fc0e5005c62b37b","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"765a8a04f828db7222b36a42b1031f576bfe95c3","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"c16c4716a1b5ba4f83c7e00da457cba06761f119","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"a49cbb762ef20655f5c91abdc13658b0af5e159d","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"290b0b6432e2599021db0b8d6046f756d931c29f","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"f4de2b43d13b7cf3ced9310e371b90c836dbd7cd","status":"affected","versionType":"git"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"7edcc682301492380fbdd604b4516af5ae667a13","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/hamradio/mkiss.c"],"versions":[{"version":"2.6.14","status":"affected"},{"version":"0","lessThan":"2.6.14","status":"unaffected","versionType":"semver"},{"version":"4.4.274","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.274","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.238","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.196","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.128","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.46","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.13","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.9.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.14.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.19.196"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.4.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.10.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.12.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5"},{"url":"https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b"},{"url":"https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3"},{"url":"https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119"},{"url":"https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d"},{"url":"https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f"},{"url":"https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd"},{"url":"https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13"}],"title":"net: hamradio: fix memory leak in mkiss_close","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.921Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47237","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:40:03.924521Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:12.722Z"}}]}}