CVE-2021-47173

Summary

In the Linux kernel, the following vulnerability has been resolved:

misc/uss720: fix memory leak in uss720_probe

uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev.

BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ….1……….. 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ……………. backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < 5f46b2410db2c8f26b8bb91b40deebf4ec184391affected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < 7889c70e6173ef358f3cd7578db127a489035a42affected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364affected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < 386918878ce4cd676e4607233866e03c9399a46aaffected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < 36b5ff1db1a4ef4fdbc2bae364344279f033ad88affected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < 5394ae9d8c7961dd93807fdf1b12a1dde96b0a55affected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < a3c3face38cb49932c62adcc1289914f1c742096affected
LinuxLinux0f36163d3abefbda1b21a330b3fdf3c2dc076d94 < dcb4b8ad6a448532d8b681b5d1a7036210b622deaffected
LinuxLinux2.6.14affected
LinuxLinux0 < 2.6.14unaffected
LinuxLinux4.4.271 <= 4.4.*unaffected
LinuxLinux4.9.271 <= 4.9.*unaffected
LinuxLinux4.14.235 <= 4.14.*unaffected
LinuxLinux4.19.193 <= 4.19.*unaffected
LinuxLinux5.4.124 <= 5.4.*unaffected
LinuxLinux5.10.42 <= 5.10.*unaffected
LinuxLinux5.12.9 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References