CVE-2021-45480

MEDIUM

Linux Kernel < 5.15.11 - Memory Leak

Title source: rule

Description

An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

References (5)

[Release Notes, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11

[Patch, Vendor Advisory] https://github.com/torvalds/linux/commit/5f9562ebe710c307adc5f666bf1a2162ee7977c0

View Patch ZIP pw:eip

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5050

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5096

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (4)

linux/linux_kernel < 5.15.11

debian/debian_linux

Timeline

Published Dec 24, 2021

Tracked Since Feb 18, 2026