What is the severity of CVE-2021-47416?

CVE-2021-47416 has been classified as affecting multiple versions of the Linux kernel due to a memory leak in the MDIO bus interface.

How do I fix CVE-2021-47416?

To resolve CVE-2021-47416, update your Linux kernel to the latest stable version that includes fixes for the vulnerability.

What are the affected versions for CVE-2021-47416?

CVE-2021-47416 affects multiple versions of the Linux kernel, specifically versions between 2.6.28 to 5.15-rc4.

How was CVE-2021-47416 discovered?

CVE-2021-47416 was identified by Syzbot, which reported a memory leak issue in the MDIO bus interface due to incorrect state logic.

Is CVE-2021-47416 a critical vulnerability?

CVE-2021-47416 is not rated as critical but still poses a significant issue due to the potential for memory leaks in affected systems.

Vulnerability/
CVE-2021-47416

medium

5.5

CWE

401

21/5/2024

31/12/2024

CVE-2021-47416: phy: mdio: fix memory leak

First published: Tue May 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED _before_ calling device_register(), because put_device() should be called even in case of device_register() failure.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=2.6.28<4.4.289
Linux Kernel	>=4.5<4.9.287
Linux Kernel	>=4.10<4.14.251
Linux Kernel	>=4.15<4.19.211
Linux Kernel	>=4.20<5.4.153
Linux Kernel	>=5.5<5.10.73
Linux Kernel	>=5.11<5.14.12
Linux Kernel	=5.15-rc1
Linux Kernel	=5.15-rc2
Linux Kernel	=5.15-rc3
Linux Kernel	=5.15-rc4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-47416?
CVE-2021-47416 has been classified as affecting multiple versions of the Linux kernel due to a memory leak in the MDIO bus interface.
How do I fix CVE-2021-47416?
To resolve CVE-2021-47416, update your Linux kernel to the latest stable version that includes fixes for the vulnerability.
What are the affected versions for CVE-2021-47416?
CVE-2021-47416 affects multiple versions of the Linux kernel, specifically versions between 2.6.28 to 5.15-rc4.
How was CVE-2021-47416 discovered?
CVE-2021-47416 was identified by Syzbot, which reported a memory leak issue in the MDIO bus interface due to incorrect state logic.
Is CVE-2021-47416 a critical vulnerability?
CVE-2021-47416 is not rated as critical but still poses a significant issue due to the potential for memory leaks in affected systems.

agent/references
agent/title
agent/description
agent/first-publish-date
agent/type
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/2.6.28
version/linux kernel/4.5
version/linux kernel/4.10
version/linux kernel/4.15
version/linux kernel/4.20
version/linux kernel/5.5
version/linux kernel/5.11
version/linux kernel/5.15-rc1
version/linux kernel/5.15-rc2
version/linux kernel/5.15-rc3
version/linux kernel/5.15-rc4

Frequently Asked Questions

What is the severity of CVE-2021-47416?
CVE-2021-47416 has been classified as affecting multiple versions of the Linux kernel due to a memory leak in the MDIO bus interface.
How do I fix CVE-2021-47416?
To resolve CVE-2021-47416, update your Linux kernel to the latest stable version that includes fixes for the vulnerability.
What are the affected versions for CVE-2021-47416?
CVE-2021-47416 affects multiple versions of the Linux kernel, specifically versions between 2.6.28 to 5.15-rc4.
How was CVE-2021-47416 discovered?
CVE-2021-47416 was identified by Syzbot, which reported a memory leak issue in the MDIO bus interface due to incorrect state logic.
Is CVE-2021-47416 a critical vulnerability?
CVE-2021-47416 is not rated as critical but still poses a significant issue due to the potential for memory leaks in affected systems.

CVE-2021-47416: phy: mdio: fix memory leak

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-47416?

How do I fix CVE-2021-47416?

What are the affected versions for CVE-2021-47416?

How was CVE-2021-47416 discovered?

Is CVE-2021-47416 a critical vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2021-47416?

How do I fix CVE-2021-47416?

What are the affected versions for CVE-2021-47416?

How was CVE-2021-47416 discovered?

Is CVE-2021-47416 a critical vulnerability?