CVE-2021-47416
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED _before_ calling device_register(), because put_device() should be called even in case of device_register() failure.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 46abc02175b3c246dd5141d878f565a8725060c9 - < 25e9f88c7e3cc35f5e3d3db199660d28a15df639affected 46abc02175b3c246dd5141d878f565a8725060c9 - < 2250392d930bd0d989f24d355d6355b0150256e7affected 46abc02175b3c246dd5141d878f565a8725060c9 - < f4f502a04ee1e543825af78f47eb7785015cd9f6affected 46abc02175b3c246dd5141d878f565a8725060c9 - < 2397b9e118721292429fea8807a698e71b94795faffected 46abc02175b3c246dd5141d878f565a8725060c9 - < 414bb4ead1362ef2c8592db723c017258f213988+3 more versions |
Linux | Linux | affected 2.6.28unaffected 0 - < 2.6.28unaffected 4.4.289 - <= 4.4.*unaffected 4.9.287 - <= 4.9.*unaffected 4.14.251 - <= 4.14.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now