vulnerability
Amazon Linux AMI 2: CVE-2021-47250: Security patch for kernel (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | May 21, 2024 | May 21, 2025 | May 22, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net: ipv4: fix memory leak in netlbl_cipsov4_add_std
Reported by syzkaller:
BUG: memory leak
unreferenced object 0xffff888105df7000 (size 64):
comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] kmalloc include/linux/slab.h:590 [inline]
[] kzalloc include/linux/slab.h:720 [inline]
[] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline]
[] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416
[[] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
[] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800
[] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504
[] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
[] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
[] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340
[] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929
[] sock_sendmsg_nosec net/socket.c:654 [inline]
[] sock_sendmsg+0x139/0x170 net/socket.c:674
[] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350
[] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404
[] __sys_sendmsg+0xd3/0x190 net/socket.c:2433
[] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47
[] entry_SYSCALL_64_after_hwframe+0x44/0xae
The memory of doi_def->map.std pointing is allocated in
netlbl_cipsov4_add_std, but no place has freed it. It should be
freed in cipso_v4_doi_free which frees the cipso DOI resource.
Solution(s)
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.