Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

CVE-2021-47173

Disclosure Date: March 25, 2024 •

CVE-2021-47173 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

misc/uss720: fix memory leak in uss720_probe

uss720_probe forgets to decrease the refcount of usbdev in uss720_probe.
Fix this by decreasing the refcount of usbdev by usb_put_dev.

BUG: memory leak
unreferenced object 0xffff888101113800 (size 2048):
comm “kworker/0:1”, pid 7, jiffies 4294956777 (age 28.870s)
hex dump (first 32 bytes):

ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................

backtrace:

[<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]
[<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
[<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
[<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
[<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
[<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
[<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
[<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
[<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
[<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

References

Canonical

CVE-2021-47173 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47173)

Miscellaneous

https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391

https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42

https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364

https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a

https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88

https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55

https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096

https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de

Rapid7

Unknown

CVE-2021-47173

Unknown

Unknown

None

Low

Local

CVE-2021-47173

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-47173

Unknown

Unknown

None

Low

Local

CVE-2021-47173

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification