<p>There is no fixed version for <code>RHEL:9</code> <code>kernel-core</code>.</p>

Memory Leak Affecting kernel-core package, versions *

Threat Intelligence

0.04% (15^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RHEL9-KERNELCORE-6977476
published 22 May 2024
disclosed 21 May 2024

Report a new vulnerability Found a mistake?

Introduced: 21 May 2024

CVE-2021-47416 Open this link in a new tab CWE-401 Open this link in a new tab

How to fix?

There is no fixed version for RHEL:9 kernel-core.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-core package and not the kernel-core package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

phy: mdio: fix memory leak

Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic.

MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called

In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state

To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED before calling device_register(), because put_device() should be called even in case of device_register() failure.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

High

Memory Leak Affecting kernel-core package, versions *

Severity

Based on Red Hat Enterprise Linux security rating