In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_read_fifo: fix memory leak in error branch In m_can_read_fifo(), if the second call to m_can_fifo_read() fails, the function jump to the out_fail label and returns without calling m_can_receive_skb(). This means that the skb previously allocated by alloc_can_skb() is not freed. In other terms, this is a memory leak. This patch adds a goto label to destroy the skb if an error occurs. Issue was found with GCC -fanalyzer, please follow the link below for details.
History

Mon, 04 Nov 2024 12:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-24T15:09:33.118Z

Updated: 2024-12-19T07:44:02.774Z

Reserved: 2024-05-24T15:02:54.824Z

Link: CVE-2021-47519

cve-icon Vulnrichment

Updated: 2024-08-04T05:39:59.702Z

cve-icon NVD

Status : Modified

Published: 2024-05-24T15:15:13.783

Modified: 2024-11-21T06:36:25.683

Link: CVE-2021-47519

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-24T00:00:00Z

Links: CVE-2021-47519 - Bugzilla