Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2021-47473

Disclosure Date: May 22, 2024 •

CVE-2021-47473 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()

Commit 8c0eb596baa5 (“[SCSI] qla2xxx: Fix a memory leak in an error path of
qla2x00_process_els()”), intended to change:

    bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN


    bsg_job->request->msgcode != FC_BSG_RPT_ELS

but changed it to:

    bsg_job->request->msgcode == FC_BSG_RPT_ELS

instead.

Change the == to a != to avoid leaking the fcport structure or freeing
unallocated memory.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

References

Canonical

CVE-2021-47473 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47473)

Miscellaneous

https://git.kernel.org/stable/c/96f0aebf29be25254fa585af43924e34aa21fd9a

https://git.kernel.org/stable/c/a7fbb56e6c941d9f59437b96412a348e66388d3e

https://git.kernel.org/stable/c/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad

Rapid7

Technical Analysis