CVE-2021-47237
Detail
Description
In the Linux kernel, the following vulnerability has been resolved:
net: hamradio: fix memory leak in mkiss_close
My local syzbot instance hit memory leak in
mkiss_open()[1]. The problem was in missing
free_netdev() in mkiss_close().
In mkiss_open() netdevice is allocated and then
registered, but in mkiss_close() netdevice was
only unregistered, but not freed.
Fail log:
BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0.............
00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .'.*............
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(....
98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@..........
backtrace:
[<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
[<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
[<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
[<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff ...(............
80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706eec7>] alloc_netdev_mqs+0x777/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706f062>] alloc_netdev_mqs+0x912/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0 Severity and Vector Strings:
NVD assessment
not yet provided.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected] .
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-401
Missing Release of Memory after Effective Lifetime
NIST
Change History
6 change records found show changes
CVE Modified by CISA-ADP
6/17/2026 12:16:58 AM
Action
Type
Old Value
New Value
Added
SSVC
{"timestamp":"2024-09-10T15:40:03.924521Z","id":"CVE-2021-47237","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by kernel.org
6/17/2026 12:16:58 AM
Action
Type
Old Value
New Value
Added
Affected
Record truncated, showing 2048 of 2475 characters.
View Entire Change Record
[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/hamradio/mkiss.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"c634ba0b4159838ff45a60d3a0ace3b4118077a5","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"3942d0f9ace1a95a74930b5b4fc0e5005c62b37b","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"765a8a04f828db7222b36a42b1031f576bfe95c3","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"c16c4716a1b5ba4f83c7e00da457cba06761f119","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"a49cbb762ef20655f5c91abdc13658b0af5e159d","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"290b0b6432e2599021db0b8d6046f756d931c29f","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"f4de2b43d13b7cf3ced9310e371b90c836dbd7cd","versionType":"git","status":"affected"},{"version":"815f62bf742718458ba822a7e1f51f285eb997f2","lessThan":"7edcc682301492380fbdd604b4516af5ae667a13","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/hamradio/mkiss.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.14","status":"affected"},{"version":"0","lessThan":"2.6.14","versionType":"semver","status":"unaffected"},{"version":"4.4.274","lessThanOrEqual":"4.4.*","versionType":"semver","status":"unaffected"},{"version":"4.9.274","lessThanOrEqual":"4.9.*","versionType":"semver","status":"unaffected"},{"version":"4.14.238","lessThanOrEqual":"4.14.*","versionType":"semver","status":"unaffected"},{"version":"4.19.196","lessThanOrEqual":"4.19.*","vers
Initial Analysis by NIST
12/30/2024 2:05:28 PM
Action
Type
Old Value
New Value
Added
CVSS V3.1
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added
CWE
NIST CWE-401
Added
CPE Configuration
OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.14 up to (excluding) 4.4.274
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.274
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.238
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.196
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.128
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.46
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.12.13
*cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*
Changed
Reference Type
https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f No Types Assigned
https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f Patch
Changed
Reference Type
https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f No Types Assigned
https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f Patch
Changed
Reference Type
https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b No Types Assigned
https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b Patch
Changed
Reference Type
https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b No Types Assigned
https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b Patch
Changed
Reference Type
https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3 No Types Assigned
https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3 No Types Assigned
https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13 No Types Assigned
https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13 No Types Assigned
https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d No Types Assigned
https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d Patch
Changed
Reference Type
https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d No Types Assigned
https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d Patch
Changed
Reference Type
https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119 No Types Assigned
https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119 No Types Assigned
https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5 No Types Assigned
https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5 No Types Assigned
https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd No Types Assigned
https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd Patch
Changed
Reference Type
https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd No Types Assigned
https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd Patch
CVE Modified by CVE
11/21/2024 1:35:41 AM
Action
Type
Old Value
New Value
Added
Reference
https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f
Added
Reference
https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b
Added
Reference
https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3
Added
Reference
https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13
Added
Reference
https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d
Added
Reference
https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119
Added
Reference
https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5
Added
Reference
https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd
CVE Modified by kernel.org
5/28/2024 4:15:49 PM
Action
Type
Old Value
New Value
New CVE Received from kernel.org
5/21/2024 11:15:12 AM
Action
Type
Old Value
New Value
Added
Description
Record truncated, showing 2048 of 3655 characters.
View Entire Change Record
In the Linux kernel, the following vulnerability has been resolved:
net: hamradio: fix memory leak in mkiss_close
My local syzbot instance hit memory leak in
mkiss_open()[1]. The problem was in missing
free_netdev() in mkiss_close().
In mkiss_open() netdevice is allocated and then
registered, but in mkiss_close() netdevice was
only unregistered, but not freed.
Fail log:
BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0.............
00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .'.*............
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(....
98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@..........
backtrace:
[<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
[<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
[<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
[<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_
Added
Reference
kernel.org https://git.kernel.org/stable/c/290b0b6432e2599021db0b8d6046f756d931c29f [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/3942d0f9ace1a95a74930b5b4fc0e5005c62b37b [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/765a8a04f828db7222b36a42b1031f576bfe95c3 [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/7edcc682301492380fbdd604b4516af5ae667a13 [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/a49cbb762ef20655f5c91abdc13658b0af5e159d [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/c16c4716a1b5ba4f83c7e00da457cba06761f119 [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/c634ba0b4159838ff45a60d3a0ace3b4118077a5 [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/f4de2b43d13b7cf3ced9310e371b90c836dbd7cd [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2021-47237 NVD
Published Date: 05/21/2024 NVD
Last Modified: 06/17/2026
Source: kernel.org