vulnerability

Ubuntu: (CVE-2021-47416): linux vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	May 21, 2024	Nov 19, 2024	Sep 5, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

May 21, 2024

Added

Nov 19, 2024

Modified

Sep 5, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

phy: mdio: fix memory leak

Syzbot reported memory leak in MDIO bus interface, the problem was in
wrong state logic.

MDIOBUS_ALLOCATED indicates 2 states:
1. Bus is only allocated
2. Bus allocated and __mdiobus_register() fails, but
device_register() was called

In case of device_register() has been called we should call put_device()
to correctly free the memory allocated for this device, but mdiobus_free()
calls just kfree(dev) in case of MDIOBUS_ALLOCATED state

To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
_before_ calling device_register(), because put_device() should be
called even in case of device_register() failure.

Solutions

ubuntu-upgrade-linuxubuntu-upgrade-linux-awsubuntu-upgrade-linux-aws-5-4ubuntu-upgrade-linux-aws-fipsubuntu-upgrade-linux-aws-hweubuntu-upgrade-linux-azureubuntu-upgrade-linux-azure-4-15ubuntu-upgrade-linux-azure-5-4ubuntu-upgrade-linux-azure-fipsubuntu-upgrade-linux-bluefieldubuntu-upgrade-linux-fipsubuntu-upgrade-linux-gcpubuntu-upgrade-linux-gcp-4-15ubuntu-upgrade-linux-gcp-5-4ubuntu-upgrade-linux-gcp-fipsubuntu-upgrade-linux-gkeopubuntu-upgrade-linux-hweubuntu-upgrade-linux-hwe-5-4ubuntu-upgrade-linux-ibmubuntu-upgrade-linux-kvmubuntu-upgrade-linux-oracleubuntu-upgrade-linux-oracle-5-4ubuntu-upgrade-linux-raspiubuntu-upgrade-linux-raspi-5-4

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today