Memory leak in Linux kernel tty serial driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47527 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU90437
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47527
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uart_tty_port_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 5.16 rc8
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/011f6c92b5bf6e1fbfdedc8b5232f64c1c493206
https://git.kernel.org/stable/c/e74d9663fd57640fc3394abb5c76fa95b9cc2f2e
https://git.kernel.org/stable/c/1179b168fa3f3a6aae3bd140000455a0e58457db
https://git.kernel.org/stable/c/c5da8aa441053958594f94254592bb41264bdfbf
https://git.kernel.org/stable/c/e1722acf4f0d4d67b60f57e08ce16f8b66cd4b8f
https://git.kernel.org/stable/c/64e491c1634b73d3bddc081d08620bdc92ab2c12
https://git.kernel.org/stable/c/00de977f9e0aa9760d9a79d1e41ff780f74e3424
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.257
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.292
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.84
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.164
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
