Vulnerabilities > CVE-2021-47143 - Incomplete Cleanup vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842
- https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842
- https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607
- https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607
- https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897
- https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897