CVE-2021-47568 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memleak in get_file_stream_info() Fix memleak in get_file_stream_info()

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51
https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d
https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47568-bf15@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47568
https://www.cve.org/CVERecord?id=CVE-2021-47568

History

Thu, 19 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400	CWE-401
Metrics	cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-24T15:12:54.742Z

Updated: 2024-08-04T05:39:59.820Z

Reserved: 2024-05-24T15:11:00.728Z

Link: CVE-2021-47568

Vulnrichment

Updated: 2024-08-04T05:39:59.820Z

NVD

Status : Awaiting Analysis

Published: 2024-05-24T15:15:22.007

Modified: 2024-05-24T18:09:20.027

Link: CVE-2021-47568

Redhat

Severity : Moderate

Publid Date: 2024-05-24T00:00:00Z

Links: CVE-2021-47568 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47568", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:11:00.728Z", "datePublished": "2024-05-24T15:12:54.742Z", "dateUpdated": "2024-08-04T05:39:59.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:10:17.476Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memleak in get_file_stream_info()\n\nFix memleak in get_file_stream_info()"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ksmbd/smb2pdu.c"], "versions": [{"version": "34061d6b76a4", "lessThan": "11e659827c3a", "status": "affected", "versionType": "git"}, {"version": "34061d6b76a4", "lessThan": "178ca6f85aa3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ksmbd/smb2pdu.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.6", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51"}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d"}], "title": "ksmbd: fix memleak in get_file_stream_info()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T19:25:13.311391Z", "id": "CVE-2021-47568", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:25:21.892Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.820Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.820Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47568", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T19:25:13.311391Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:25:18.471Z"}}], "cna": {"title": "ksmbd: fix memleak in get_file_stream_info()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "34061d6b76a4", "lessThan": "11e659827c3a", "versionType": "git"}, {"status": "affected", "version": "34061d6b76a4", "lessThan": "178ca6f85aa3", "versionType": "git"}], "programFiles": ["fs/ksmbd/smb2pdu.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.6", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ksmbd/smb2pdu.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/11e659827c3a2facb3a04e08cc97ff14d5091f51"}, {"url": "https://git.kernel.org/stable/c/178ca6f85aa3231094467691f5ea1ff2f398aa8d"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memleak in get_file_stream_info()\n\nFix memleak in get_file_stream_info()"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:10:17.476Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47568", "state": "PUBLISHED", "dateUpdated": "2024-08-04T05:39:59.820Z", "dateReserved": "2024-05-24T15:11:00.728Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:12:54.742Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: ksmbd: fix memleak in get_file_stream_info()", "id": "2283461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283461"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nksmbd: fix memleak in get_file_stream_info()\nFix memleak in get_file_stream_info()", "A flaw was found in the ksmbd module in the Linux kernel. Under some conditions, a memory leak can occur in the get_file_stream_info function in the fs/ksmbd/smb2pdu.c file, potentially impacting system performance and possibly resulting in a denial of service."], "name": "CVE-2021-47568", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47568\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47568\nhttps://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47568-bf15@gregkh/T"], "statement": "The ksmbd module is not built in the kernel shipped in Red Hat Enterprise Linux, so it is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.6, kernel 5.16"}