CVE-2021-47249 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a
https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02
https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042
https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c
https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f
https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86
https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f
https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91
https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47249-ed65@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47249
https://www.cve.org/CVERecord?id=CVE-2021-47249

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.13:rc6::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47249", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.536Z", "datePublished": "2024-05-21T14:19:46.238Z", "dateUpdated": "2025-05-04T07:07:07.809Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:07:07.809Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: fix memory leak in rds_recvmsg\n\nSyzbot reported memory leak in rds. The problem\nwas in unputted refcount in case of error.\n\nint rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,\n\t\tint msg_flags)\n{\n...\n\n\tif (!rds_next_incoming(rs, &inc)) {\n\t\t...\n\t}\n\nAfter this \"if\" inc refcount incremented and\n\n\tif (rds_cmsg_recv(inc, msg, rs)) {\n\t\tret = -EFAULT;\n\t\tgoto out;\n\t}\n...\nout:\n\treturn ret;\n}\n\nin case of rds_cmsg_recv() fail the refcount won't be\ndecremented. And it's easy to see from ftrace log, that\nrds_inc_addref() don't have rds_inc_put() pair in\nrds_recvmsg() after rds_cmsg_recv()\n\n 1)               |  rds_recvmsg() {\n 1)   3.721 us    |    rds_inc_addref();\n 1)   3.853 us    |    rds_message_inc_copy_to_user();\n 1) + 10.395 us   |    rds_cmsg_recv();\n 1) + 34.260 us   |  }"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rds/recv.c"], "versions": [{"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "423c6939758fb3b9cf5abbd1e7792068a5c4ae8c", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "1f79bc8ae81c05eb112a53f981cb2c244ee50d02", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "06b7cb0194bd1ede0dd27f3a946e7c0279fba44a", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "2038cd15eacdf7512755c27686822e0052eb9042", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "5946fbf48355f5a8caeff72580c7658da5966b86", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "b25b60d076164edb3025e85aabd2cf50a5215b91", "status": "affected", "versionType": "git"}, {"version": "bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb", "lessThan": "49bfcbfd989a8f1f23e705759a6bb099de2cff9f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rds/recv.c"], "versions": [{"version": "2.6.30", "status": "affected"}, {"version": "0", "lessThan": "2.6.30", "status": "unaffected", "versionType": "semver"}, {"version": "4.4.274", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.274", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.238", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.196", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.128", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.46", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.13", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "4.4.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "4.9.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "4.14.238"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "4.19.196"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.4.128"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.10.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.12.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.30", "versionEndExcluding": "5.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f"}, {"url": "https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c"}, {"url": "https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02"}, {"url": "https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a"}, {"url": "https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042"}, {"url": "https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86"}, {"url": "https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91"}, {"url": "https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f"}], "title": "net: rds: fix memory leak in rds_recvmsg", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47249", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T21:22:20.748261Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:47.884Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.936Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2021-47249 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-04-10T18:59:19.536Z (string)

datePublished : 2024-05-21T14:19:46.238Z (string)

dateUpdated : 2025-05-04T07:07:07.809Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T07:07:07.809Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/rds/recv.c (string)

]

versions : [ »

0 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 2038cd15eacdf7512755c27686822e0052eb9042 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 5946fbf48355f5a8caeff72580c7658da5966b86 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb (string)

lessThan : 49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/rds/recv.c (string)

]

versions : [ »

0 : { »

version : 2.6.30 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 2.6.30 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.4.274 (string)

lessThanOrEqual : 4.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 4.9.274 (string)

lessThanOrEqual : 4.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 4.14.238 (string)

lessThanOrEqual : 4.14.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 4.19.196 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 5.4.128 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 5.10.46 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 5.12.13 (string)

lessThanOrEqual : 5.12.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 5.13 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 4.4.274 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 4.9.274 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 4.14.238 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 4.19.196 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 5.4.128 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 5.10.46 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 5.12.13 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.6.30 (string)

versionEndExcluding : 5.13 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

}

1 : { »

url : https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

}

2 : { »

url : https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

}

4 : { »

url : https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

}

]

title : net: rds: fix memory leak in rds_recvmsg (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47249 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-23T21:22:20.748261Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:13:47.884Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:32:07.936Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.936Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47249", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T21:22:20.748261Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T21:22:24.257Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: rds: fix memory leak in rds_recvmsg", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "8c3ec88b03e9", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "423c6939758f", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "1f79bc8ae81c", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "06b7cb0194bd", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "2038cd15eacd", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "5946fbf48355", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "b25b60d07616", "versionType": "git"}, {"status": "affected", "version": "bdbe6fbc6a2f", "lessThan": "49bfcbfd989a", "versionType": "git"}], "programFiles": ["net/rds/recv.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.30"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.30", "versionType": "semver"}, {"status": "unaffected", "version": "4.4.274", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.274", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.238", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.196", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.128", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.46", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.13", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "semver", "lessThanOrEqual": "*"}], "programFiles": ["net/rds/recv.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f"}, {"url": "https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c"}, {"url": "https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02"}, {"url": "https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a"}, {"url": "https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042"}, {"url": "https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86"}, {"url": "https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91"}, {"url": "https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f"}], "x_generator": {"engine": "bippy-c8e10e5f6187"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: fix memory leak in rds_recvmsg\n\nSyzbot reported memory leak in rds. The problem\nwas in unputted refcount in case of error.\n\nint rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,\n\t\tint msg_flags)\n{\n...\n\n\tif (!rds_next_incoming(rs, &inc)) {\n\t\t...\n\t}\n\nAfter this \"if\" inc refcount incremented and\n\n\tif (rds_cmsg_recv(inc, msg, rs)) {\n\t\tret = -EFAULT;\n\t\tgoto out;\n\t}\n...\nout:\n\treturn ret;\n}\n\nin case of rds_cmsg_recv() fail the refcount won't be\ndecremented. And it's easy to see from ftrace log, that\nrds_inc_addref() don't have rds_inc_put() pair in\nrds_recvmsg() after rds_cmsg_recv()\n\n 1)               |  rds_recvmsg() {\n 1)   3.721 us    |    rds_inc_addref();\n 1)   3.853 us    |    rds_message_inc_copy_to_user();\n 1) + 10.395 us   |    rds_cmsg_recv();\n 1) + 34.260 us   |  }"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:37:35.230Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47249", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:37:35.230Z", "dateReserved": "2024-04-10T18:59:19.536Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:46.238Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:32:07.936Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47249 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-23T21:22:20.748261Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T21:22:24.257Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : net: rds: fix memory leak in rds_recvmsg (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 8c3ec88b03e9 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 423c6939758f (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 1f79bc8ae81c (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 06b7cb0194bd (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 2038cd15eacd (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 5946fbf48355 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : b25b60d07616 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : bdbe6fbc6a2f (string)

lessThan : 49bfcbfd989a (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/rds/recv.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.6.30 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 2.6.30 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.4.274 (string)

versionType : semver (string)

lessThanOrEqual : 4.4.* (string)

}

3 : { »

status : unaffected (string)

version : 4.9.274 (string)

versionType : semver (string)

lessThanOrEqual : 4.9.* (string)

}

4 : { »

status : unaffected (string)

version : 4.14.238 (string)

versionType : semver (string)

lessThanOrEqual : 4.14.* (string)

}

5 : { »

status : unaffected (string)

version : 4.19.196 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

6 : { »

status : unaffected (string)

version : 5.4.128 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

7 : { »

status : unaffected (string)

version : 5.10.46 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

8 : { »

status : unaffected (string)

version : 5.12.13 (string)

versionType : semver (string)

lessThanOrEqual : 5.12.* (string)

}

9 : { »

status : unaffected (string)

version : 5.13 (string)

versionType : semver (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/rds/recv.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

}

1 : { »

url : https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

}

2 : { »

url : https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

}

4 : { »

url : https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

}

]

x_generator : { »

engine : bippy-c8e10e5f6187 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2024-11-04T11:37:35.230Z (string)

}

cveMetadata : { »

cveId : CVE-2021-47249 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-04T11:37:35.230Z (string)

dateReserved : 2024-04-10T18:59:19.536Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-05-21T14:19:46.238Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "917424B6-D03C-4372-9E06-61D6C13CE591", "versionEndExcluding": "4.4.274", "versionStartIncluding": "2.6.30", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A84D5BC-006F-41C5-A54D-6D45236009B3", "versionEndExcluding": "4.9.274", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C0DBBF-0923-4D2A-9178-134691F9933F", "versionEndExcluding": "4.14.238", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3CAB837-7D38-4934-AD4F-195CEFD754E6", "versionEndExcluding": "4.19.196", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA", "versionEndExcluding": "5.4.128", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193", "versionEndExcluding": "5.10.46", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855", "versionEndExcluding": "5.12.13", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: fix memory leak in rds_recvmsg\n\nSyzbot reported memory leak in rds. The problem\nwas in unputted refcount in case of error.\n\nint rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,\n\t\tint msg_flags)\n{\n...\n\n\tif (!rds_next_incoming(rs, &inc)) {\n\t\t...\n\t}\n\nAfter this \"if\" inc refcount incremented and\n\n\tif (rds_cmsg_recv(inc, msg, rs)) {\n\t\tret = -EFAULT;\n\t\tgoto out;\n\t}\n...\nout:\n\treturn ret;\n}\n\nin case of rds_cmsg_recv() fail the refcount won't be\ndecremented. And it's easy to see from ftrace log, that\nrds_inc_addref() don't have rds_inc_put() pair in\nrds_recvmsg() after rds_cmsg_recv()\n\n 1)               |  rds_recvmsg() {\n 1)   3.721 us    |    rds_inc_addref();\n 1)   3.853 us    |    rds_message_inc_copy_to_user();\n 1) + 10.395 us   |    rds_cmsg_recv();\n 1) + 34.260 us   |  }"}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:rds: corrige p\u00e9rdida de memoria en rds_recvmsg. Syzbot inform\u00f3 p\u00e9rdida de memoria en rds. El problema estaba en el recuento no puesto en caso de error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &amp;inc)) { ... } Despu\u00e9s de esto \"if\" inc refcount incrementado y if (rds_cmsg_recv (inc, mensaje, rs)) { ret = -EFAULT; salir; } ... fuera: devolver ret; } en caso de que rds_cmsg_recv() falle, el recuento no disminuir\u00e1. Y es f\u00e1cil ver en el registro de ftrace que rds_inc_addref() no tiene el par rds_inc_put() en rds_recvmsg() despu\u00e9s de rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us| rds_inc_addref(); 1) 3.853 us| rds_message_inc_copy_to_user(); 1) + 10.395 us| rds_cmsg_recv(); 1) + 34.260 us| }"}], "id": "CVE-2021-47249", "lastModified": "2024-12-30T19:01:43.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:13.857", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 917424B6-D03C-4372-9E06-61D6C13CE591 (string)

versionEndExcluding : 4.4.274 (string)

versionStartIncluding : 2.6.30 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A84D5BC-006F-41C5-A54D-6D45236009B3 (string)

versionEndExcluding : 4.9.274 (string)

versionStartIncluding : 4.5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C3C0DBBF-0923-4D2A-9178-134691F9933F (string)

versionEndExcluding : 4.14.238 (string)

versionStartIncluding : 4.10 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F3CAB837-7D38-4934-AD4F-195CEFD754E6 (string)

versionEndExcluding : 4.19.196 (string)

versionStartIncluding : 4.15 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6267BD4E-BE25-48B5-B850-4B493440DAFA (string)

versionEndExcluding : 5.4.128 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 59455D13-A902-42E1-97F7-5ED579777193 (string)

versionEndExcluding : 5.10.46 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7806E7E5-6D4F-4E18-81C1-79B3C60EE855 (string)

versionEndExcluding : 5.12.13 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 96AC23B2-D46A-49D9-8203-8E1BEDCA8532 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* (string)

matchCriteriaId : DA610E30-717C-4700-9F77-A3C9244F3BFD (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 1ECD33F5-85BE-430B-8F86-8D7BD560311D (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* (string)

matchCriteriaId : CF351855-2437-4CF5-AD7C-BDFA51F27683 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* (string)

matchCriteriaId : 25A855BA-2118-44F2-90EF-EBBB12AF51EF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:rds: corrige pérdida de memoria en rds_recvmsg. Syzbot informó pérdida de memoria en rds. El problema estaba en el recuento no puesto en caso de error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } Después de esto "if" inc refcount incrementado y if (rds_cmsg_recv (inc, mensaje, rs)) { ret = -EFAULT; salir; } ... fuera: devolver ret; } en caso de que rds_cmsg_recv() falle, el recuento no disminuirá. Y es fácil ver en el registro de ftrace que rds_inc_addref() no tiene el par rds_inc_put() en rds_recvmsg() después de rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us| rds_inc_addref(); 1) 3.853 us| rds_message_inc_copy_to_user(); 1) + 10.395 us| rds_cmsg_recv(); 1) + 34.260 us| } (string)

}

]

id : CVE-2021-47249 (string)

lastModified : 2024-12-30T19:01:43.417 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-05-21T15:15:13.857 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/49bfcbfd989a8f1f23e705759a6bb099de2cff9f (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a5215b91 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-401 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: net: rds: fix memory leak in rds_recvmsg", "id": "2282563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282563"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: rds: fix memory leak in rds_recvmsg\nSyzbot reported memory leak in rds. The problem\nwas in unputted refcount in case of error.\nint rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,\nint msg_flags)\n{\n...\nif (!rds_next_incoming(rs, &inc)) {\n...\n}\nAfter this \"if\" inc refcount incremented and\nif (rds_cmsg_recv(inc, msg, rs)) {\nret = -EFAULT;\ngoto out;\n}\n...\nout:\nreturn ret;\n}\nin case of rds_cmsg_recv() fail the refcount won't be\ndecremented. And it's easy to see from ftrace log, that\nrds_inc_addref() don't have rds_inc_put() pair in\nrds_recvmsg() after rds_cmsg_recv()\n1)               |  rds_recvmsg() {\n1)   3.721 us    |    rds_inc_addref();\n1)   3.853 us    |    rds_message_inc_copy_to_user();\n1) + 10.395 us   |    rds_cmsg_recv();\n1) + 34.260 us   |  }"], "name": "CVE-2021-47249", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47249\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47249\nhttps://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47249-ed65@gregkh/T"], "threat_severity": "Low"}

{

bugzilla : { »

description : kernel: net: rds: fix memory leak in rds_recvmsg (string)

id : 2282563 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2282563 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.1 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L (string)

status : draft (string)

}

cwe : CWE-402 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } (string)

]

name : CVE-2021-47249 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-05-21T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2021-47249 https://nvd.nist.gov/vuln/detail/CVE-2021-47249 https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47249-ed65@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object