5.5
MEDIUM
CVE-2021-47238
Linux Kernel: Memory Leak in igmp
Description

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources.

INFO

Published Date :

May 21, 2024, 3:15 p.m.

Last Modified :

April 4, 2025, 2:31 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2021-47238 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-47238.

URL Resource
https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 Patch
https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 Patch
https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 Patch
https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 Patch
https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a Patch
https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 Patch
https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 Patch
https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 Patch
https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 Patch
https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 Patch
https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 Patch
https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a Patch
https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 Patch
https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-47238 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-47238 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Apr. 04, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.2.87 up to (excluding) 3.3 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.16.42 up to (excluding) 3.17 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9 up to (excluding) 4.9.274 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.238 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.196 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.128 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.46 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.12.13
    Added Reference Type CVE: https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 Types: Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422
    Added Reference https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501
    Added Reference https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758
    Added Reference https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8
    Added Reference https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a
    Added Reference https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076
    Added Reference https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 03, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-400
    Added CVSS V3.1 CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 21, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources.
    Added Reference kernel.org https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-47238 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-47238 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: May. 15, 2025 12:46