{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47238","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-04-10T18:59:19.532Z","datePublished":"2024-05-21T14:19:39.041Z","dateUpdated":"2025-05-07T19:58:16.834Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:41:17.545Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n  comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n    01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n  backtrace:\n    [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n    [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n    [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n    [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n    [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n    [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n    [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n    [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n    [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n    [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n    [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n    [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n    [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n    [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n     -> igmpv3_clear_delrec\n        -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n   -> inet_release\n      -> ip_mc_drop_socket\n         -> inetdev_by_index\n         -> ip_mc_leave_src\n            -> ip_mc_del_src\n               -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/igmp.c"],"versions":[{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"0dc13e75507faa17ac9f7562b4ef7bf8fcd78422","status":"affected","versionType":"git"},{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"6cff57eea3347f79f1867cc53e1093b6614138d8","status":"affected","versionType":"git"},{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"1e28018b5c83d5073f74a6fb72eabe8370b2f501","status":"affected","versionType":"git"},{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"3dd2aeac2e9624cff9fa634710837e4f2e352758","status":"affected","versionType":"git"},{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"ac31cc837cafb57a271babad8ccffbf733caa076","status":"affected","versionType":"git"},{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"77de6ee73f54a9a89c0afa0bf4c53b239aa9953a","status":"affected","versionType":"git"},{"version":"24803f38a5c0b6c57ed800b47e695f9ce474bc3a","lessThan":"d8e2973029b8b2ce477b564824431f3385c77083","status":"affected","versionType":"git"},{"version":"bd1b664a19403ede448d29c87b2f23796bc7a577","status":"affected","versionType":"git"},{"version":"b38c6e0bd5b5e439ecebdc0df599d573c2f610f8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/igmp.c"],"versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","status":"unaffected","versionType":"semver"},{"version":"4.9.274","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.238","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.196","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.128","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.46","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.13","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"4.9.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"4.14.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"4.19.196"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.4.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.12.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.42"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"},{"url":"https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"},{"url":"https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"},{"url":"https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"},{"url":"https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"},{"url":"https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"},{"url":"https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}],"title":"net: ipv4: fix memory leak in ip_mc_add1_src","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-400","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption"}]}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"0dc13e75507f","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"6cff57eea334","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"1e28018b5c83","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"3dd2aeac2e96","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"ac31cc837caf","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"77de6ee73f54","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"24803f38a5c0","status":"affected","lessThan":"d8e2973029b8","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.9","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"unaffected","lessThan":"4.9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.9.274","status":"unaffected","lessThanOrEqual":"5.0","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.14.238","status":"unaffected","lessThanOrEqual":"4.15","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.19.196","status":"unaffected","lessThanOrEqual":"4.20","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.4.128","status":"unaffected","lessThanOrEqual":"5.5","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.10.46","status":"unaffected","lessThanOrEqual":"5.11","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.12.13","status":"unaffected","lessThanOrEqual":"5.13","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.13","status":"unaffected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-07T19:57:25.364822Z","id":"CVE-2021-47238","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-07T19:58:16.834Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.941Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083","tags":["x_transferred"]}]}]}}