CVE-2021-47238 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422
https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501
https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758
https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8
https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a
https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076
https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083
https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47238-c466@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47238
https://www.cve.org/CVERecord?id=CVE-2021-47238

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel:5.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc6::::::

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::*
Vendors & Products		Linux Linux linux Kernel
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47238", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.532Z", "datePublished": "2024-05-21T14:19:39.041Z", "dateUpdated": "2024-12-19T07:38:00.188Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:38:00.188Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n  comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n    01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n  backtrace:\n    [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n    [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n    [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n    [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n    [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n    [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n    [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n    [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n    [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n    [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n    [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n    [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n    [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n    [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n     -> igmpv3_clear_delrec\n        -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n   -> inet_release\n      -> ip_mc_drop_socket\n         -> inetdev_by_index\n         -> ip_mc_leave_src\n            -> ip_mc_del_src\n               -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/igmp.c"], "versions": [{"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "6cff57eea3347f79f1867cc53e1093b6614138d8", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "1e28018b5c83d5073f74a6fb72eabe8370b2f501", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "3dd2aeac2e9624cff9fa634710837e4f2e352758", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "ac31cc837cafb57a271babad8ccffbf733caa076", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "d8e2973029b8b2ce477b564824431f3385c77083", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/igmp.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.274", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.238", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.196", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.128", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.46", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.13", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}], "title": "net: ipv4: fix memory leak in ip_mc_add1_src", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "0dc13e75507f", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "6cff57eea334", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "1e28018b5c83", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "3dd2aeac2e96", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "ac31cc837caf", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "77de6ee73f54", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "d8e2973029b8", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.9", "status": "affected"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "unaffected", "lessThan": "4.9", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.9.274", "status": "unaffected", "lessThanOrEqual": "5.0", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.14.238", "status": "unaffected", "lessThanOrEqual": "4.15", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.19.196", "status": "unaffected", "lessThanOrEqual": "4.20", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.4.128", "status": "unaffected", "lessThanOrEqual": "5.5", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.10.46", "status": "unaffected", "lessThanOrEqual": "5.11", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.12.13", "status": "unaffected", "lessThanOrEqual": "5.13", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.13", "status": "unaffected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T18:42:08.780386Z", "id": "CVE-2021-47238", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:05:29.111Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.941Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2021-47238 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-04-10T18:59:19.532Z (string)

datePublished : 2024-05-21T14:19:39.041Z (string)

dateUpdated : 2024-12-19T07:38:00.188Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2024-12-19T07:38:00.188Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/ipv4/igmp.c (string)

]

versions : [ »

0 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : 0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : 6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : 1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : 3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : ac31cc837cafb57a271babad8ccffbf733caa076 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : 77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 24803f38a5c0b6c57ed800b47e695f9ce474bc3a (string)

lessThan : d8e2973029b8b2ce477b564824431f3385c77083 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/ipv4/igmp.c (string)

]

versions : [ »

0 : { »

version : 4.9 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 4.9 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.9.274 (string)

lessThanOrEqual : 4.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 4.14.238 (string)

lessThanOrEqual : 4.14.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 4.19.196 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.4.128 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 5.10.46 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 5.12.13 (string)

lessThanOrEqual : 5.12.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 5.13 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

}

6 : { »

url : https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 (string)

}

]

title : net: ipv4: fix memory leak in ip_mc_add1_src (string)

x_generator : { »

engine : bippy-5f407fcff5a0 (string)

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-400 (string)

lang : en (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

}

]

}

]

affected : [ »

0 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : 0dc13e75507f (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : 6cff57eea334 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : 1e28018b5c83 (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : 3dd2aeac2e96 (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : ac31cc837caf (string)

versionType : custom (string)

}

]

}

5 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : 77de6ee73f54 (string)

versionType : custom (string)

}

]

}

6 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 24803f38a5c0 (string)

status : affected (string)

lessThan : d8e2973029b8 (string)

versionType : custom (string)

}

]

}

7 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 4.9 (string)

status : affected (string)

}

]

}

8 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : unaffected (string)

lessThan : 4.9 (string)

versionType : custom (string)

}

]

}

9 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 4.9.274 (string)

status : unaffected (string)

lessThanOrEqual : 5.0 (string)

versionType : custom (string)

}

]

}

10 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 4.14.238 (string)

status : unaffected (string)

lessThanOrEqual : 4.15 (string)

versionType : custom (string)

}

]

}

11 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 4.19.196 (string)

status : unaffected (string)

lessThanOrEqual : 4.20 (string)

versionType : custom (string)

}

]

}

12 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 5.4.128 (string)

status : unaffected (string)

lessThanOrEqual : 5.5 (string)

versionType : custom (string)

}

]

}

13 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 5.10.46 (string)

status : unaffected (string)

lessThanOrEqual : 5.11 (string)

versionType : custom (string)

}

]

}

14 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 5.12.13 (string)

status : unaffected (string)

lessThanOrEqual : 5.13 (string)

versionType : custom (string)

}

]

}

15 : { »

vendor : linux (string)

product : linux_kernel (string)

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 5.13 (string)

status : unaffected (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.5 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : LOW (string)

confidentialityImpact : NONE (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-06-12T18:42:08.780386Z (string)

id : CVE-2021-47238 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-12T19:05:29.111Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:32:07.941Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.941Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-47238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T18:42:08.780386Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "0dc13e75507f", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "6cff57eea334", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "1e28018b5c83", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "3dd2aeac2e96", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "ac31cc837caf", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "77de6ee73f54", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "d8e2973029b8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "4.9.274", "versionType": "custom", "lessThanOrEqual": "5.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "4.14.238", "versionType": "custom", "lessThanOrEqual": "4.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "4.19.196", "versionType": "custom", "lessThanOrEqual": "4.20"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.4.128", "versionType": "custom", "lessThanOrEqual": "5.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.10.46", "versionType": "custom", "lessThanOrEqual": "5.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.12.13", "versionType": "custom", "lessThanOrEqual": "5.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.13"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:43:58.230Z"}}], "cna": {"title": "net: ipv4: fix memory leak in ip_mc_add1_src", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "0dc13e75507f", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0", "lessThan": "6cff57eea334", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0", "lessThan": "1e28018b5c83", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0", "lessThan": "3dd2aeac2e96", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0", "lessThan": "ac31cc837caf", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0", "lessThan": "77de6ee73f54", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0", "lessThan": "d8e2973029b8", "versionType": "git"}], "programFiles": ["net/ipv4/igmp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.9"}, {"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.274", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.238", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.196", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.128", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.46", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.13", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "semver", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/igmp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}], "x_generator": {"engine": "bippy-c8e10e5f6187"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n  comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n    01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n  backtrace:\n    [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n    [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n    [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n    [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n    [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n    [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n    [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n    [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n    [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n    [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n    [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n    [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n    [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n    [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n     -> igmpv3_clear_delrec\n        -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n   -> inet_release\n      -> ip_mc_drop_socket\n         -> inetdev_by_index\n         -> ip_mc_leave_src\n            -> ip_mc_del_src\n               -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:37:22.590Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47238", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:37:22.590Z", "dateReserved": "2024-04-10T18:59:19.532Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:39.041Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:32:07.941Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.5 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : LOW (string)

confidentialityImpact : NONE (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47238 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-06-12T18:42:08.780386Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 0dc13e75507f (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 6cff57eea334 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 1e28018b5c83 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 3dd2aeac2e96 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : ac31cc837caf (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

5 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 77de6ee73f54 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

6 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : d8e2973029b8 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

7 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.9 (string)

}

]

defaultStatus : unknown (string)

}

8 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 4.9 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

9 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 4.9.274 (string)

versionType : custom (string)

lessThanOrEqual : 5.0 (string)

}

]

defaultStatus : unknown (string)

}

10 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 4.14.238 (string)

versionType : custom (string)

lessThanOrEqual : 4.15 (string)

}

]

defaultStatus : unknown (string)

}

11 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 4.19.196 (string)

versionType : custom (string)

lessThanOrEqual : 4.20 (string)

}

]

defaultStatus : unknown (string)

}

12 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 5.4.128 (string)

versionType : custom (string)

lessThanOrEqual : 5.5 (string)

}

]

defaultStatus : unknown (string)

}

13 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 5.10.46 (string)

versionType : custom (string)

lessThanOrEqual : 5.11 (string)

}

]

defaultStatus : unknown (string)

}

14 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 5.12.13 (string)

versionType : custom (string)

lessThanOrEqual : 5.13 (string)

}

]

defaultStatus : unknown (string)

}

15 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 5.13 (string)

}

]

defaultStatus : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-400 (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-12T18:43:58.230Z (string)

}

]

cna : { »

title : net: ipv4: fix memory leak in ip_mc_add1_src (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 0dc13e75507f (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 6cff57eea334 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 1e28018b5c83 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 3dd2aeac2e96 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : ac31cc837caf (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : 77de6ee73f54 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 24803f38a5c0 (string)

lessThan : d8e2973029b8 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/ipv4/igmp.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.9 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 4.9 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.9.274 (string)

versionType : semver (string)

lessThanOrEqual : 4.9.* (string)

}

3 : { »

status : unaffected (string)

version : 4.14.238 (string)

versionType : semver (string)

lessThanOrEqual : 4.14.* (string)

}

4 : { »

status : unaffected (string)

version : 4.19.196 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

5 : { »

status : unaffected (string)

version : 5.4.128 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

6 : { »

status : unaffected (string)

version : 5.10.46 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

7 : { »

status : unaffected (string)

version : 5.12.13 (string)

versionType : semver (string)

lessThanOrEqual : 5.12.* (string)

}

8 : { »

status : unaffected (string)

version : 5.13 (string)

versionType : semver (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/ipv4/igmp.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

}

6 : { »

url : https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 (string)

}

]

x_generator : { »

engine : bippy-c8e10e5f6187 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources. (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2024-11-04T11:37:22.590Z (string)

}

cveMetadata : { »

cveId : CVE-2021-47238 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-04T11:37:22.590Z (string)

dateReserved : 2024-04-10T18:59:19.532Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-05-21T14:19:39.041Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDF220AE-D4D3-4C0B-BFCA-4DDB897A81FA", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.87", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "776A78BD-F513-4084-AC1D-66E45A675E72", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B5A1555-2CC4-4652-AD96-3529D26B3447", "versionEndExcluding": "4.9.274", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C0DBBF-0923-4D2A-9178-134691F9933F", "versionEndExcluding": "4.14.238", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3CAB837-7D38-4934-AD4F-195CEFD754E6", "versionEndExcluding": "4.19.196", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA", "versionEndExcluding": "5.4.128", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193", "versionEndExcluding": "5.10.46", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855", "versionEndExcluding": "5.12.13", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n  comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n    01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n  backtrace:\n    [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n    [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n    [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n    [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n    [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n    [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n    [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n    [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n    [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n    [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n    [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n    [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n    [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n    [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n     -> igmpv3_clear_delrec\n        -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n   -> inet_release\n      -> ip_mc_drop_socket\n         -> inetdev_by_index\n         -> ip_mc_leave_src\n            -> ip_mc_del_src\n               -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la p\u00e9rdida de memoria en ip_mc_add1_src. BUG: p\u00e9rdida de memoria objeto sin referencia 0xffff888101bc4c00 (tama\u00f1o 32): comm \"syz-executor527\", pid 360, jiffies 4294807421 (edad 19.329s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [&lt;00000000f17c5244&gt;] kmalloc include/linux/slab.h:558 [en l\u00ednea] [&lt;00000000f17c5244&gt;] kzalloc include/ linux/slab.h:688 [en l\u00ednea] [&lt;00000000f17c5244&gt;] ip_mc_add1_src net/ipv4/igmp.c:1971 [en l\u00ednea] [&lt;00000000f17c5244&gt;] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 &lt;000000001cb99709 &gt;] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [&lt;0000000052cf19ed&gt;] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [en l\u00ednea] [&lt;0000000052cf19ed&gt;] 0net/ipv4/ip_sockglue. c:1423 [&lt;00000000477edfbc&gt;] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [&lt;00000000e75ca9bb&gt;] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [&lt;00000000bdb993 a8&gt;] __do_sys_setsockopt net/socket.c :2128 [en l\u00ednea] [&lt;00000000bdb993a8&gt;] __se_sys_setsockopt net/socket.c:2125 [en l\u00ednea] [&lt;00000000bdb993a8&gt;] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [&lt;000000006a 1ffdbd&gt;] do_syscall_64+0x40/0x80 arch/ x86/entry/common.c:47 [&lt;00000000b11467c4&gt;] Entry_SYSCALL_64_after_hwframe+0x44/0xae En la confirmaci\u00f3n 24803f38a5c0 (\"igmp: no eliminar la informaci\u00f3n de la lista de fuentes de igmp cuando se establece el enlace\"), se elimin\u00f3 ip_mc_clear_src() en ip_mc_destroy_dev() , porque tambi\u00e9n fue llamado en igmpv3_clear_delrec(). Gr\u00e1fico de llamada aproximado: inetdev_destroy -&gt; ip_mc_destroy_dev -&gt; igmpv3_clear_delrec -&gt; ip_mc_clear_src -&gt; RCU_INIT_POINTER(dev-&gt;ip_ptr, NULL) Sin embargo, ip_mc_clear_src() llamado en igmpv3_clear_delrec() no libera in_dev-&gt;mc_list-&gt;sources. Y RCU_INIT_POINTER() asigna NULL a dev-&gt;ip_ptr. Como resultado, in_dev no se puede obtener a trav\u00e9s de inetdev_by_index() y luego in_dev-&gt;mc_list-&gt;sources no se puede liberar mediante ip_mc_del1_src() en sock_close. La secuencia de llamada aproximada es as\u00ed: sock_close -&gt; __sock_release -&gt; inet_release -&gt; ip_mc_drop_socket -&gt; inetdev_by_index -&gt; ip_mc_leave_src -&gt; ip_mc_del_src -&gt; ip_mc_del1_src Entonces todav\u00eda necesitamos llamar a ip_mc_clear_src() en ip_mc_destroy_dev() para liberar in_dev-&gt;mc_list -&gt;fuentes ."}], "id": "CVE-2021-47238", "lastModified": "2025-04-04T14:31:03.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T15:15:13.017", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EDF220AE-D4D3-4C0B-BFCA-4DDB897A81FA (string)

versionEndExcluding : 3.3 (string)

versionStartIncluding : 3.2.87 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 776A78BD-F513-4084-AC1D-66E45A675E72 (string)

versionEndExcluding : 3.17 (string)

versionStartIncluding : 3.16.42 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B5A1555-2CC4-4652-AD96-3529D26B3447 (string)

versionEndExcluding : 4.9.274 (string)

versionStartIncluding : 4.9 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C3C0DBBF-0923-4D2A-9178-134691F9933F (string)

versionEndExcluding : 4.14.238 (string)

versionStartIncluding : 4.10 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F3CAB837-7D38-4934-AD4F-195CEFD754E6 (string)

versionEndExcluding : 4.19.196 (string)

versionStartIncluding : 4.15 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6267BD4E-BE25-48B5-B850-4B493440DAFA (string)

versionEndExcluding : 5.4.128 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 59455D13-A902-42E1-97F7-5ED579777193 (string)

versionEndExcluding : 5.10.46 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7806E7E5-6D4F-4E18-81C1-79B3C60EE855 (string)

versionEndExcluding : 5.12.13 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 96AC23B2-D46A-49D9-8203-8E1BEDCA8532 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* (string)

matchCriteriaId : DA610E30-717C-4700-9F77-A3C9244F3BFD (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 1ECD33F5-85BE-430B-8F86-8D7BD560311D (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* (string)

matchCriteriaId : CF351855-2437-4CF5-AD7C-BDFA51F27683 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* (string)

matchCriteriaId : 25A855BA-2118-44F2-90EF-EBBB12AF51EF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la pérdida de memoria en ip_mc_add1_src. BUG: pérdida de memoria objeto sin referencia 0xffff888101bc4c00 (tamaño 32): comm "syz-executor527", pid 360, jiffies 4294807421 (edad 19.329s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [en línea] [<00000000f17c5244>] kzalloc include/ linux/slab.h:688 [en línea] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [en línea] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 <000000001cb99709 >] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [en línea] [<0000000052cf19ed>] 0net/ipv4/ip_sockglue. c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993 a8>] __do_sys_setsockopt net/socket.c :2128 [en línea] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [en línea] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a 1ffdbd>] do_syscall_64+0x40/0x80 arch/ x86/entry/common.c:47 [<00000000b11467c4>] Entry_SYSCALL_64_after_hwframe+0x44/0xae En la confirmación 24803f38a5c0 ("igmp: no eliminar la información de la lista de fuentes de igmp cuando se establece el enlace"), se eliminó ip_mc_clear_src() en ip_mc_destroy_dev() , porque también fue llamado en igmpv3_clear_delrec(). Gráfico de llamada aproximado: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) Sin embargo, ip_mc_clear_src() llamado en igmpv3_clear_delrec() no libera in_dev->mc_list->sources. Y RCU_INIT_POINTER() asigna NULL a dev->ip_ptr. Como resultado, in_dev no se puede obtener a través de inetdev_by_index() y luego in_dev->mc_list->sources no se puede liberar mediante ip_mc_del1_src() en sock_close. La secuencia de llamada aproximada es así: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src Entonces todavía necesitamos llamar a ip_mc_clear_src() en ip_mc_destroy_dev() para liberar in_dev->mc_list ->fuentes . (string)

}

]

id : CVE-2021-47238 (string)

lastModified : 2025-04-04T14:31:03.253 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2024-05-21T15:15:13.017 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: net: ipv4: fix memory leak in ip_mc_add1_src", "id": "2282579", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282579"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: ipv4: fix memory leak in ip_mc_add1_src\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\ncomm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\nbacktrace:\n[<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n[<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n[<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n[<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n[<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n[<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n[<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n[<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n[<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n[<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n[<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n[<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n[<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n[<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\nRough callgraph:\ninetdev_destroy\n-> ip_mc_destroy_dev\n-> igmpv3_clear_delrec\n-> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\nsock_close\n-> __sock_release\n-> inet_release\n-> ip_mc_drop_socket\n-> inetdev_by_index\n-> ip_mc_leave_src\n-> ip_mc_del_src\n-> ip_mc_del1_src\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources.", "A vulnerability was found in the Linux kernel's IPv4 code, within the ip_mc_add1_src function. This issue can lead to a memory leak, where certain memory resources are not properly released when a network interface is removed, resulting in increased memory usage and potential performance issues over time."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47238", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47238\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47238\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47238-c466@gregkh/T"], "threat_severity": "Moderate"}

{

bugzilla : { »

description : kernel: net: ipv4: fix memory leak in ip_mc_add1_src (string)

id : 2282579 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2282579 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.3 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-400 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources. (string)

1 : A vulnerability was found in the Linux kernel's IPv4 code, within the ip_mc_add1_src function. This issue can lead to a memory leak, where certain memory resources are not properly released when a network interface is removed, resulting in increased memory usage and potential performance issues over time. (string)

]

mitigation : { »

lang : en:us (string)

value : Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible. (string)

}

name : CVE-2021-47238 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-05-21T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2021-47238 https://nvd.nist.gov/vuln/detail/CVE-2021-47238 https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47238-c466@gregkh/T (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object