PT-2024-11227 · Linux+2 · Linux Kernel+2
Syzbot
·
Published
2021-05-17
·
Updated
2025-01-07
·
CVE-2021-47180
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.12.8
Description
A memory leak vulnerability has been identified in the Linux kernel's NFC subsystem, specifically in the
nci allocate device function. The nfcmrvl disconnect function fails to free the hci dev field in the struct nci dev, resulting in a memory leak. This issue can be exploited locally, posing a risk to the system's security. The vulnerability is caused by the failure to free the hci dev field in the nci free device function.Recommendations
To resolve this issue, update the Linux kernel to version 5.12.8 or later. As a temporary workaround, consider disabling the NFC subsystem until a patch is available. Restrict access to the vulnerable
nci allocate device function to minimize the risk of exploitation. Avoid using the hci dev field in the struct nci dev until the issue is resolved.Fix
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse