Resource Exhaustion Affecting kernel-tools package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Resource Exhaustion vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS9-KERNELTOOLS-7119948
  • published27 May 2024
  • disclosed24 May 2024

Introduced: 24 May 2024

CVE-2021-47519  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

There is no fixed version for Centos:9 kernel-tools.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-tools package and not the kernel-tools package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

can: m_can: m_can_read_fifo: fix memory leak in error branch

In m_can_read_fifo(), if the second call to m_can_fifo_read() fails, the function jump to the out_fail label and returns without calling m_can_receive_skb(). This means that the skb previously allocated by alloc_can_skb() is not freed. In other terms, this is a memory leak.

This patch adds a goto label to destroy the skb if an error occurs.

Issue was found with GCC -fanalyzer, please follow the link below for details.

CVSS Scores

version 3.1