CVE-2021-47171: net: usb: fix memory leak in smsc75xx_bind - Greg Kroah-Hartman

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: CVE-2021-47171: net: usb: fix memory leak in smsc75xx_bind
Date: Mon, 25 Mar 2024 10:16:47 +0100	[thread overview]
Message-ID: <2024032536-CVE-2021-47171-f223@gregkh> (raw)

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

net: usb: fix memory leak in smsc75xx_bind

Syzbot reported memory leak in smsc75xx_bind().
The problem was is non-freed memory in case of
errors after memory allocation.

backtrace:
  [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
  [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
  [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
  [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728

The Linux kernel CVE team has assigned CVE-2021-47171 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.4.271 with commit 200dbfcad801
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.9.271 with commit 22c840596af0
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.14.235 with commit 9e6b8c1ff9d9
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.19.193 with commit 9e6a3eccb287
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.4.124 with commit b95fb96e6339
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.10.42 with commit 635ac38b3625
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.12.9 with commit 70c886ac93f8
	Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.13 with commit 46a8b29c6306

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47171
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/net/usb/smsc75xx.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa
	https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f
	https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc
	https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07
	https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17
	https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0
	https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b
	https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70