CVE-2021-47236

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: cdc_eem: fix tx fixup skb leak

when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it return NULL, usbnet_start_xmit() will have no chance to free original skb.

fix it by free orginal skb in eem_tx_fixup() first, then check skb clone status, if failed, return NULL to usbnet.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < f12554b0ff639e74612cc01b3b4a049e098d2d65affected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < 14184ec5c958b589ba934da7363a2877879204dfaffected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < 1bcacd6088d61c0ac6a990d87975600a81f3247eaffected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < f4e6a7f19c82f39b1803e91c54718f0d7143767daffected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < 81de2ed06df8b5451e050fe6a318af3263dbff3faffected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < 05b2b9f7d24b5663d9b47427fe1555bdafd3ea02affected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88affected
LinuxLinux9f722c0978b04acba209f8ca1896ad05814bc3a3 < c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7affected
LinuxLinux2.6.30affected
LinuxLinux0 < 2.6.30unaffected
LinuxLinux4.4.274 <= 4.4.*unaffected
LinuxLinux4.9.274 <= 4.9.*unaffected
LinuxLinux4.14.238 <= 4.14.*unaffected
LinuxLinux4.19.196 <= 4.19.*unaffected
LinuxLinux5.4.128 <= 5.4.*unaffected
LinuxLinux5.10.46 <= 5.10.*unaffected
LinuxLinux5.12.13 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References