CVE-2021-47568 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memleak in get_file_stream_info() Fix memleak in get_file_stream_info()

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc2::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51
https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d
https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47568-bf15@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47568
https://www.cve.org/CVERecord?id=CVE-2021-47568

History

Mon, 06 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.16:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 20 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 19 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400	CWE-401
Metrics	cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-24T15:12:54.742Z

Updated: 2024-12-19T07:44:59.991Z

Reserved: 2024-05-24T15:11:00.728Z

Link: CVE-2021-47568

Vulnrichment

Updated: 2024-08-04T05:39:59.820Z

NVD

Status : Analyzed

Published: 2024-05-24T15:15:22.007

Modified: 2025-01-06T21:33:33.463

Link: CVE-2021-47568

Redhat

Severity : Moderate

Publid Date: 2024-05-24T00:00:00Z

Links: CVE-2021-47568 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47568", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:11:00.728Z", "datePublished": "2024-05-24T15:12:54.742Z", "dateUpdated": "2024-12-19T07:44:59.991Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:44:59.991Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memleak in get_file_stream_info()\n\nFix memleak in get_file_stream_info()"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ksmbd/smb2pdu.c"], "versions": [{"version": "34061d6b76a41b1e43c19e1e50d98e5d77f77d4e", "lessThan": "11e659827c3a2facb3a04e08cc97ff14d5091f51", "status": "affected", "versionType": "git"}, {"version": "34061d6b76a41b1e43c19e1e50d98e5d77f77d4e", "lessThan": "178ca6f85aa3231094467691f5ea1ff2f398aa8d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ksmbd/smb2pdu.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.6", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51"}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d"}], "title": "ksmbd: fix memleak in get_file_stream_info()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T19:25:13.311391Z", "id": "CVE-2021-47568", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:25:21.892Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.820Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.820Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47568", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T19:25:13.311391Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:25:18.471Z"}}], "cna": {"title": "ksmbd: fix memleak in get_file_stream_info()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "34061d6b76a41b1e43c19e1e50d98e5d77f77d4e", "lessThan": "11e659827c3a2facb3a04e08cc97ff14d5091f51", "versionType": "git"}, {"status": "affected", "version": "34061d6b76a41b1e43c19e1e50d98e5d77f77d4e", "lessThan": "178ca6f85aa3231094467691f5ea1ff2f398aa8d", "versionType": "git"}], "programFiles": ["fs/ksmbd/smb2pdu.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.6", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ksmbd/smb2pdu.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51"}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memleak in get_file_stream_info()\n\nFix memleak in get_file_stream_info()"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:44:59.991Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47568", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:44:59.991Z", "dateReserved": "2024-05-24T15:11:00.728Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:12:54.742Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "082C8F69-46F5-469A-A650-E0340F11BEF5", "versionEndExcluding": "5.15.6", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memleak in get_file_stream_info()\n\nFix memleak in get_file_stream_info()"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige memleak en get_file_stream_info() Corrige memleak en get_file_stream_info()"}], "id": "CVE-2021-47568", "lastModified": "2025-01-06T21:33:33.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-24T15:15:22.007", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ksmbd: fix memleak in get_file_stream_info()", "id": "2283461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283461"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nksmbd: fix memleak in get_file_stream_info()\nFix memleak in get_file_stream_info()", "A flaw was found in the ksmbd module in the Linux kernel. Under some conditions, a memory leak can occur in the get_file_stream_info function in the fs/ksmbd/smb2pdu.c file, potentially impacting system performance and possibly resulting in a denial of service."], "name": "CVE-2021-47568", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47568\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47568\nhttps://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47568-bf15@gregkh/T"], "statement": "The ksmbd module is not built in the kernel shipped in Red Hat Enterprise Linux, so it is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.6, kernel 5.16"}