PT-2024-8991 · Linux+3 · Linux Kernel+3

Petr Machata

Published

2024-05-24

Updated

2024-11-27

CVE-2021-47555

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a memory leak in the Linux kernel's VLAN component. When a dummy netdevice is removed, it can cause an underflow of the reference count for the real device, leading to a memory leak and an endless loop. This is because dev put(real dev) is called in vlan dev free() without a corresponding dev hold(real dev) in register vlan dev(). To fix this, dev hold(real dev) is moved to vlan dev init(), which is the callback for ndo init(), making dev hold() and dev put() symmetrical for the VLAN's real device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Underflow

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191CWE-401

Related Identifiers

BDU:2024-10673

CVE-2021-47555

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2385-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2495-1

SUSE-SU-2024:2939-1

SUSE-SU-2024_2495-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-8991 · Linux+3 · Linux Kernel+3

CVE-2021-47555

Weakness Enumeration

Related Identifiers

Affected Products

References · 2321