CVE-2021-47442 - Vulnerability Details

- NFC: digital: fix possible memory leak in digital_in_send_sdd_req()

Description

In the Linux kernel, the following vulnerability has been resolved:

NFC: digital: fix possible memory leak in digital_in_send_sdd_req()

'skb' is allocated in digital_in_send_sdd_req(), but not free when
digital_in_send_cmd() failed, which will cause memory leak. Fix it
by freeing 'skb' if digital_in_send_cmd() return failed.

Published: 2024-05-22

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 74569c78aa84f8c958f1334b465bc530906ec99a
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 88c890b0b9a1fb9fcd01c61ada515e8b636c34f9
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< fcce6e5255474ca33c27dda0cdf9bf5087278873
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 071bdef36391958c89af5fa2172f691b31baa212
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 2bde4aca56db9fe25405d39ddb062531493a65db
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 50cb95487c265187289810addec5093d4fed8329
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 6432d7f1d1c3aa74cfe8f5e3afdf81b786c32e86
`2c66daecc4092e6049673c281b2e6f0d5e59a94c`	affected	< 291c932fc3692e4d211a445ba8aa35663831bac7

Linux

affected

Version	Status	Constraints
`3.13`	affected	—
`0`	unaffected	< 3.13
`4.4.290`	unaffected	≤ 4.4.*
`4.9.288`	unaffected	≤ 4.9.*
`4.14.252`	unaffected	≤ 4.14.*
`4.19.213`	unaffected	≤ 4.19.*
`5.4.155`	unaffected	≤ 5.4.*
`5.10.75`	unaffected	≤ 5.10.*
`5.14.14`	unaffected	≤ 5.14.*
`5.15`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc5::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/071bdef36391958c89af5fa2172f691b31baa212
https://git.kernel.org/stable/c/291c932fc3692e4d211a445ba8aa35663831bac7
https://git.kernel.org/stable/c/2bde4aca56db9fe25405d39ddb062531493a65db
https://git.kernel.org/stable/c/50cb95487c265187289810addec5093d4fed8329
https://git.kernel.org/stable/c/6432d7f1d1c3aa74cfe8f5e3afdf81b786c32e86
https://git.kernel.org/stable/c/74569c78aa84f8c958f1334b465bc530906ec99a
https://git.kernel.org/stable/c/88c890b0b9a1fb9fcd01c61ada515e8b636c34f9
https://git.kernel.org/stable/c/fcce6e5255474ca33c27dda0cdf9bf5087278873
https://nvd.nist.gov/vuln/detail/CVE-2021-47442
https://www.cve.org/CVERecord?id=CVE-2021-47442

History

Tue, 07 Jan 2025 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc5::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-22T06:19:36.228Z

Updated: 2026-05-11T13:54:47.112Z

Reserved: 2024-05-21T14:58:30.831Z

Link: CVE-2021-47442

Vulnrichment

Updated: 2024-08-04T05:39:59.323Z

NVD

Status : Analyzed

Published: 2024-05-22T07:15:09.430

Modified: 2025-01-07T20:14:00.147

Link: CVE-2021-47442

Redhat

Severity : Low

Publid Date: 2024-05-22T00:00:00Z

Links: CVE-2021-47442 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-401

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object