CVE-2021-47405

MEDIUM

Linux Kernel < 4.4.286 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47

References (8)

[Patch] https://git.kernel.org/stable/c/2b704864c92dcec2b295f276fcfbfb81d9831f81

[Patch] https://git.kernel.org/stable/c/764ac04de056801dfe52a716da63f6e7018e7f3b

[Patch] https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030

[Patch] https://git.kernel.org/stable/c/965147067fa1bedff3ae1f07ce3f89f1a14d2df3

[Patch] https://git.kernel.org/stable/c/c3156fea4d8a0e643625dff69a0421e872d1fdae

[Patch] https://git.kernel.org/stable/c/efc5c8d29256955cc90d8d570849b2d6121ed09f

[Patch] https://git.kernel.org/stable/c/f7744fa16b96da57187dc8e5634152d3b63d72de

[Patch] https://git.kernel.org/stable/c/f7ac4d24e1610b92689946fa88177673f1e88a3f

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

linux/linux_kernel < 4.4.286

Timeline

Published May 21, 2024

Tracked Since Feb 18, 2026