Memory leak in Linux kernel phy driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47416 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU89967
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47416
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.15 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639
https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7
https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6
https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f
https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988
https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a
https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d
https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.251
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.289
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.287
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.73
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.153
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
