CVE-2021-47473 : In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change: bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN bsg_job->request->msgcode != FC_BSG_RPT_ELS but changed it to: bsg_job->request->msgcode == FC_BSG_RPT_ELS instead. Change the == to a != to avoid leaking the fcport structure or freeing unallocated memory.

Published 2024-05-22 06:23:30

Updated 2025-01-07 20:19:16

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47473

Linux » Linux Kernel
Versions from including (>=) 3.11 and before (<) 5.10.76
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.14.15
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC1
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC2
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC3
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC4
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC5
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC6
cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47473

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47473

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-01-07
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-47473

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47473

https://git.kernel.org/stable/c/a7fbb56e6c941d9f59437b96412a348e66388d3e

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/96f0aebf29be25254fa585af43924e34aa21fd9a

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47473

Products affected by CVE-2021-47473

Exploit prediction scoring system (EPSS) score for CVE-2021-47473

CVSS scores for CVE-2021-47473

CWE ids for CVE-2021-47473

References for CVE-2021-47473