CVE-2021-47519
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/05/2024
Last modified:
03/07/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
can: m_can: m_can_read_fifo: fix memory leak in error branch<br />
<br />
In m_can_read_fifo(), if the second call to m_can_fifo_read() fails,<br />
the function jump to the out_fail label and returns without calling<br />
m_can_receive_skb(). This means that the skb previously allocated by<br />
alloc_can_skb() is not freed. In other terms, this is a memory leak.<br />
<br />
This patch adds a goto label to destroy the skb if an error occurs.<br />
<br />
Issue was found with GCC -fanalyzer, please follow the link below for<br />
details.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.8 (excluding) |
To consult the complete list of CPE names with products and versions, see this page