ghsa-2r2x-3jh4-chhv
Vulnerability from github
Published
2024-05-22 09:31
Modified
2024-05-22 09:31
Details

In the Linux kernel, the following vulnerability has been resolved:

ptp: Fix possible memory leak in ptp_clock_register()

I got memory leak as follows when doing fault injection test:

unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s) hex dump (first 8 bytes): 70 74 70 30 00 00 00 00 ptp0.... backtrace: [<00000000312ed458>] __kmalloc_track_caller+0x19f/0x3a0 [<0000000079f6e2ff>] kvasprintf+0xb5/0x150 [<0000000026aae54f>] kvasprintf_const+0x60/0x190 [<00000000f323a5f7>] kobject_set_name_vargs+0x56/0x150 [<000000004e35abdd>] dev_set_name+0xc0/0x100 [<00000000f20cfe25>] ptp_clock_register+0x9f4/0xd30 [ptp] [<000000008bb9f0de>] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33]

When posix_clock_register() returns an error, the name allocated in dev_set_name() will be leaked, the put_device() should be used to give up the device reference, then the name will be freed in kobject_cleanup() and other memory will be freed in ptp_clock_release().

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-47455"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:10Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Fix possible memory leak in ptp_clock_register()\n\nI got memory leak as follows when doing fault injection test:\n\nunreferenced object 0xffff88800906c618 (size 8):\n  comm \"i2c-idt82p33931\", pid 4421, jiffies 4294948083 (age 13.188s)\n  hex dump (first 8 bytes):\n    70 74 70 30 00 00 00 00                          ptp0....\n  backtrace:\n    [\u003c00000000312ed458\u003e] __kmalloc_track_caller+0x19f/0x3a0\n    [\u003c0000000079f6e2ff\u003e] kvasprintf+0xb5/0x150\n    [\u003c0000000026aae54f\u003e] kvasprintf_const+0x60/0x190\n    [\u003c00000000f323a5f7\u003e] kobject_set_name_vargs+0x56/0x150\n    [\u003c000000004e35abdd\u003e] dev_set_name+0xc0/0x100\n    [\u003c00000000f20cfe25\u003e] ptp_clock_register+0x9f4/0xd30 [ptp]\n    [\u003c000000008bb9f0de\u003e] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33]\n\nWhen posix_clock_register() returns an error, the name allocated\nin dev_set_name() will be leaked, the put_device() should be used\nto give up the device reference, then the name will be freed in\nkobject_cleanup() and other memory will be freed in ptp_clock_release().",
  "id": "GHSA-2r2x-3jh4-chhv",
  "modified": "2024-05-22T09:31:45Z",
  "published": "2024-05-22T09:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47455"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.