CVE-2021-47173: misc/uss720: fix memory leak in uss720_probe
First published: Mon Mar 25 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.14<4.4.271 | |
| Linux Kernel | >=4.5<4.9.271 | |
| Linux Kernel | >=4.10<4.14.235 | |
| Linux Kernel | >=4.15<4.19.193 | |
| Linux Kernel | >=4.20<5.4.124 | |
| Linux Kernel | >=5.5<5.10.42 | |
| Linux Kernel | >=5.11<5.12.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391
- https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42
- https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364
- https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a
- https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88
- https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55
- https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096
- https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de
Frequently Asked Questions
What is the severity of CVE-2021-47173?
CVE-2021-47173 is classified as a medium severity vulnerability due to a memory leak issue in the Linux kernel.
What systems are affected by CVE-2021-47173?
CVE-2021-47173 affects various versions of the Linux kernel from 2.6.14 up to 5.12.9, within specific version ranges.
How do I fix CVE-2021-47173?
To resolve CVE-2021-47173, users should update their Linux kernel to a version that includes the fix for the memory leak.
What is the impact of CVE-2021-47173?
The impact of CVE-2021-47173 is primarily a memory leak that could lead to resource exhaustion in affected systems.
When was CVE-2021-47173 published?
CVE-2021-47173 was publicly disclosed in 2021 as part of the ongoing updates to the Linux kernel.
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/weakness
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.14
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11