CVE-2021-47519

low-risk

Published 2024-05-24

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_read_fifo: fix memory leak in error branch In m_can_read_fifo(), if the second call to m_can_fifo_read() fails, the function jump to the out_fail label and returns without calling m_can_receive_skb(). This means that the skb previously allocated by alloc_can_skb() is not freed. In other terms, this is a memory leak. This patch adds a goto label to destroy the skb if an error occurs. Issue was found with GCC -fanalyzer, please follow the link below for details.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56

Patch https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908

Patch https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56

Patch https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal