{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-47238", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.532Z", "datePublished": "2024-05-21T14:19:39.041Z", "dateUpdated": "2026-05-11T13:50:37.983Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T13:50:37.983Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n backtrace:\n [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n -> igmpv3_clear_delrec\n -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n -> inet_release\n -> ip_mc_drop_socket\n -> inetdev_by_index\n -> ip_mc_leave_src\n -> ip_mc_del_src\n -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/igmp.c"], "versions": [{"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "6cff57eea3347f79f1867cc53e1093b6614138d8", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "1e28018b5c83d5073f74a6fb72eabe8370b2f501", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "3dd2aeac2e9624cff9fa634710837e4f2e352758", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "ac31cc837cafb57a271babad8ccffbf733caa076", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "status": "affected", "versionType": "git"}, {"version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "d8e2973029b8b2ce477b564824431f3385c77083", "status": "affected", "versionType": "git"}, {"version": "bd1b664a19403ede448d29c87b2f23796bc7a577", "status": "affected", "versionType": "git"}, {"version": "b38c6e0bd5b5e439ecebdc0df599d573c2f610f8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/igmp.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.274", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.238", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.196", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.128", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.46", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.13", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.9.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.14.238"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.19.196"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.4.128"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.10.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.12.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2.87"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16.42"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}], "title": "net: ipv4: fix memory leak in ip_mc_add1_src", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "0dc13e75507f", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "6cff57eea334", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "1e28018b5c83", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "3dd2aeac2e96", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "ac31cc837caf", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "77de6ee73f54", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24803f38a5c0", "status": "affected", "lessThan": "d8e2973029b8", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.9", "status": "affected"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "unaffected", "lessThan": "4.9", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.9.274", "status": "unaffected", "lessThanOrEqual": "5.0", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.14.238", "status": "unaffected", "lessThanOrEqual": "4.15", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.19.196", "status": "unaffected", "lessThanOrEqual": "4.20", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.4.128", "status": "unaffected", "lessThanOrEqual": "5.5", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.10.46", "status": "unaffected", "lessThanOrEqual": "5.11", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.12.13", "status": "unaffected", "lessThanOrEqual": "5.13", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.13", "status": "unaffected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-07T19:57:25.364822Z", "id": "CVE-2021-47238", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T19:58:16.834Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.941Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.941Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-47238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T18:42:08.780386Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "0dc13e75507f", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "6cff57eea334", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "1e28018b5c83", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "3dd2aeac2e96", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "ac31cc837caf", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "77de6ee73f54", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "24803f38a5c0", "lessThan": "d8e2973029b8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "4.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "4.9.274", "versionType": "custom", "lessThanOrEqual": "5.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "4.14.238", "versionType": "custom", "lessThanOrEqual": "4.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "4.19.196", "versionType": "custom", "lessThanOrEqual": "4.20"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.4.128", "versionType": "custom", "lessThanOrEqual": "5.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.10.46", "versionType": "custom", "lessThanOrEqual": "5.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.12.13", "versionType": "custom", "lessThanOrEqual": "5.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.13"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:43:58.230Z"}}], "cna": {"title": "net: ipv4: fix memory leak in ip_mc_add1_src", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "0dc13e75507faa17ac9f7562b4ef7bf8fcd78422", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "6cff57eea3347f79f1867cc53e1093b6614138d8", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "1e28018b5c83d5073f74a6fb72eabe8370b2f501", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "3dd2aeac2e9624cff9fa634710837e4f2e352758", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "ac31cc837cafb57a271babad8ccffbf733caa076", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "77de6ee73f54a9a89c0afa0bf4c53b239aa9953a", "versionType": "git"}, {"status": "affected", "version": "24803f38a5c0b6c57ed800b47e695f9ce474bc3a", "lessThan": "d8e2973029b8b2ce477b564824431f3385c77083", "versionType": "git"}, {"status": "affected", "version": "bd1b664a19403ede448d29c87b2f23796bc7a577", "versionType": "git"}, {"status": "affected", "version": "b38c6e0bd5b5e439ecebdc0df599d573c2f610f8", "versionType": "git"}], "programFiles": ["net/ipv4/igmp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.9"}, {"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.274", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.238", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.196", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.128", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.46", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.13", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/igmp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n backtrace:\n [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n -> igmpv3_clear_delrec\n -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n -> inet_release\n -> ip_mc_drop_socket\n -> inetdev_by_index\n -> ip_mc_leave_src\n -> ip_mc_del_src\n -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.274", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.238", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.196", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.128", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.46", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.13", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.2.87"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "3.16.42"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:41:17.545Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47238", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:41:17.545Z", "dateReserved": "2024-04-10T18:59:19.532Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:39.041Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDF220AE-D4D3-4C0B-BFCA-4DDB897A81FA", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.87", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "776A78BD-F513-4084-AC1D-66E45A675E72", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B5A1555-2CC4-4652-AD96-3529D26B3447", "versionEndExcluding": "4.9.274", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C0DBBF-0923-4D2A-9178-134691F9933F", "versionEndExcluding": "4.14.238", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3CAB837-7D38-4934-AD4F-195CEFD754E6", "versionEndExcluding": "4.19.196", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA", "versionEndExcluding": "5.4.128", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193", "versionEndExcluding": "5.10.46", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855", "versionEndExcluding": "5.12.13", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in ip_mc_add1_src\n\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\n comm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\n backtrace:\n [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\n\nRough callgraph:\n\ninetdev_destroy\n-> ip_mc_destroy_dev\n -> igmpv3_clear_delrec\n -> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\n\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\n\nsock_close\n-> __sock_release\n -> inet_release\n -> ip_mc_drop_socket\n -> inetdev_by_index\n -> ip_mc_leave_src\n -> ip_mc_del_src\n -> ip_mc_del1_src\n\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la p\u00e9rdida de memoria en ip_mc_add1_src. BUG: p\u00e9rdida de memoria objeto sin referencia 0xffff888101bc4c00 (tama\u00f1o 32): comm \"syz-executor527\", pid 360, jiffies 4294807421 (edad 19.329s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [&lt;00000000f17c5244&gt;] kmalloc include/linux/slab.h:558 [en l\u00ednea] [&lt;00000000f17c5244&gt;] kzalloc include/ linux/slab.h:688 [en l\u00ednea] [&lt;00000000f17c5244&gt;] ip_mc_add1_src net/ipv4/igmp.c:1971 [en l\u00ednea] [&lt;00000000f17c5244&gt;] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 &lt;000000001cb99709 &gt;] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [&lt;0000000052cf19ed&gt;] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [en l\u00ednea] [&lt;0000000052cf19ed&gt;] 0net/ipv4/ip_sockglue. c:1423 [&lt;00000000477edfbc&gt;] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [&lt;00000000e75ca9bb&gt;] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [&lt;00000000bdb993 a8&gt;] __do_sys_setsockopt net/socket.c :2128 [en l\u00ednea] [&lt;00000000bdb993a8&gt;] __se_sys_setsockopt net/socket.c:2125 [en l\u00ednea] [&lt;00000000bdb993a8&gt;] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [&lt;000000006a 1ffdbd&gt;] do_syscall_64+0x40/0x80 arch/ x86/entry/common.c:47 [&lt;00000000b11467c4&gt;] Entry_SYSCALL_64_after_hwframe+0x44/0xae En la confirmaci\u00f3n 24803f38a5c0 (\"igmp: no eliminar la informaci\u00f3n de la lista de fuentes de igmp cuando se establece el enlace\"), se elimin\u00f3 ip_mc_clear_src() en ip_mc_destroy_dev() , porque tambi\u00e9n fue llamado en igmpv3_clear_delrec(). Gr\u00e1fico de llamada aproximado: inetdev_destroy -&gt; ip_mc_destroy_dev -&gt; igmpv3_clear_delrec -&gt; ip_mc_clear_src -&gt; RCU_INIT_POINTER(dev-&gt;ip_ptr, NULL) Sin embargo, ip_mc_clear_src() llamado en igmpv3_clear_delrec() no libera in_dev-&gt;mc_list-&gt;sources. Y RCU_INIT_POINTER() asigna NULL a dev-&gt;ip_ptr. Como resultado, in_dev no se puede obtener a trav\u00e9s de inetdev_by_index() y luego in_dev-&gt;mc_list-&gt;sources no se puede liberar mediante ip_mc_del1_src() en sock_close. La secuencia de llamada aproximada es as\u00ed: sock_close -&gt; __sock_release -&gt; inet_release -&gt; ip_mc_drop_socket -&gt; inetdev_by_index -&gt; ip_mc_leave_src -&gt; ip_mc_del_src -&gt; ip_mc_del1_src Entonces todav\u00eda necesitamos llamar a ip_mc_clear_src() en ip_mc_destroy_dev() para liberar in_dev-&gt;mc_list -&gt;fuentes ."}], "id": "CVE-2021-47238", "lastModified": "2025-04-04T14:31:03.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T15:15:13.017", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: net: ipv4: fix memory leak in ip_mc_add1_src", "id": "2282579", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282579"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: ipv4: fix memory leak in ip_mc_add1_src\nBUG: memory leak\nunreferenced object 0xffff888101bc4c00 (size 32):\ncomm \"syz-executor527\", pid 360, jiffies 4294807421 (age 19.329s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................\nbacktrace:\n[<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline]\n[<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline]\n[<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline]\n[<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095\n[<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416\n[<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline]\n[<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423\n[<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857\n[<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117\n[<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline]\n[<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline]\n[<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125\n[<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47\n[<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\nIn commit 24803f38a5c0 (\"igmp: do not remove igmp souce list info when set\nlink down\"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed,\nbecause it was also called in igmpv3_clear_delrec().\nRough callgraph:\ninetdev_destroy\n-> ip_mc_destroy_dev\n-> igmpv3_clear_delrec\n-> ip_mc_clear_src\n-> RCU_INIT_POINTER(dev->ip_ptr, NULL)\nHowever, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't\nrelease in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the\nNULL to dev->ip_ptr. As a result, in_dev cannot be obtained through\ninetdev_by_index() and then in_dev->mc_list->sources cannot be released\nby ip_mc_del1_src() in the sock_close. Rough call sequence goes like:\nsock_close\n-> __sock_release\n-> inet_release\n-> ip_mc_drop_socket\n-> inetdev_by_index\n-> ip_mc_leave_src\n-> ip_mc_del_src\n-> ip_mc_del1_src\nSo we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free\nin_dev->mc_list->sources.", "A vulnerability was found in the Linux kernel's IPv4 code, within the ip_mc_add1_src function. This issue can lead to a memory leak, where certain memory resources are not properly released when a network interface is removed, resulting in increased memory usage and potential performance issues over time."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47238", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47238\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47238\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47238-c466@gregkh/T"], "threat_severity": "Moderate"}

{}