PT-2024-11244 · Linux+6 · Linux Kernel+6

Published

2021-06-17

Updated

2025-06-18

CVE-2021-47236

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a tx fixup skb leak in the Linux kernel when usbnet transmits a skb and eem fixup is applied in eem tx fixup(). If skb copy expand() fails, it returns NULL, and usbnet start xmit() has no chance to free the original skb. The fix involves freeing the original skb in eem tx fixup() first and then checking the skb clone status. If the clone fails, it returns NULL to usbnet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2024:4211

ALSA-2024:4352

BDU:2025-13723

CESA-2024_4211

CESA-2024_4352

CVE-2021-47236

INFSA-2024_4211

INFSA-2024_4352

OESA-2024-1705

OPENSUSE-SU-2024_2185-1

RHSA-2024:4211

RHSA-2024:4352

RHSA-2024_4211

RHSA-2024_4352

RLSA-2024:4211

RLSA-2024:4352

RXSA-2024:4211

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

SUSE-SU-2025:01995-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11244 · Linux+6 · Linux Kernel+6

CVE-2021-47236

Weakness Enumeration

Related Identifiers

Affected Products

References · 1066