CVE-2021-47249
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | }
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb - < 8c3ec88b03e9e4ca117dcdc4204fd3edcd02084faffected bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb - < 423c6939758fb3b9cf5abbd1e7792068a5c4ae8caffected bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb - < 1f79bc8ae81c05eb112a53f981cb2c244ee50d02affected bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb - < 06b7cb0194bd1ede0dd27f3a946e7c0279fba44aaffected bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb - < 2038cd15eacdf7512755c27686822e0052eb9042+3 more versions |
Linux | Linux | affected 2.6.30unaffected 0 - < 2.6.30unaffected 4.4.274 - <= 4.4.*unaffected 4.9.274 - <= 4.9.*unaffected 4.14.238 - <= 4.14.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now