发布于3月6日3月6日 Members Ubuntu: (CVE-2021-47236): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/21/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it return NULL, usbnet_start_xmit() will have no chance to free original skb. fix it by free orginal skb in eem_tx_fixup() first, then check skb clone status, if failed, return NULL to usbnet. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 References https://attackerkb.com/topics/cve-2021-47236 CVE - 2021-47236 https://git.kernel.org/linus/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7 https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02 https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88 https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7 https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65 https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d https://www.cve.org/CVERecord?id=CVE-2021-47236 View more
