SB2024053051 - Memory leak in Linux kernel can usb driver
Published: May 30, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024053051
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2021-47231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/89df95ce32be204eef2e7d4b2f6fb552fb191a68
- https://git.kernel.org/stable/c/a115198caaab6d663bef75823a3c5f0802306d60
- https://git.kernel.org/stable/c/6f87c0e21ad20dd3d22108e33db1c552dfa352a0
- https://git.kernel.org/stable/c/6bd3d80d1f019cefa7011056c54b323f1d8b8e83
- https://git.kernel.org/stable/c/d0760a4ef85697bc756d06eae17ae27f3f055401
- https://git.kernel.org/stable/c/91c02557174be7f72e46ed7311e3bea1939840b0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128