vulnerability
Ubuntu: (CVE-2021-47455): linux-fips vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | May 22, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
ptp: Fix possible memory leak in ptp_clock_register()
I got memory leak as follows when doing fault injection test:
unreferenced object 0xffff88800906c618 (size 8):
comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s)
hex dump (first 8 bytes):
70 74 70 30 00 00 00 00 ptp0....
backtrace:
[<00000000312ed458>] __kmalloc_track_caller+0x19f/0x3a0
[<0000000079f6e2ff>] kvasprintf+0xb5/0x150
[<0000000026aae54f>] kvasprintf_const+0x60/0x190
[<00000000f323a5f7>] kobject_set_name_vargs+0x56/0x150
[<000000004e35abdd>] dev_set_name+0xc0/0x100
[<00000000f20cfe25>] ptp_clock_register+0x9f4/0xd30 [ptp]
[<000000008bb9f0de>] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33]
When posix_clock_register() returns an error, the name allocated
in dev_set_name() will be leaked, the put_device() should be used
to give up the device reference, then the name will be freed in
kobject_cleanup() and other memory will be freed in ptp_clock_release().
Solution
References
- CVE-2021-47455
- https://attackerkb.com/topics/CVE-2021-47455
- CWE-401
- URL-https://git.kernel.org/linus/4225fea1cb28370086e17e82c0f69bec2779dca0
- URL-https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0
- URL-https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8
- URL-https://www.cve.org/CVERecord?id=CVE-2021-47455
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.