SB2024053065 - Memory leak in Linux kernel serial 8250 driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2021-47330)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c
• https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc
• https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584
• https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
• https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67
• https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32
• https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2
• https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5
• https://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.240
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.134