Unrated severityNVD Advisory· Published May 21, 2024· Updated May 4, 2025

can: mcba_usb: fix memory leak in mcba_usb

CVE-2021-47231

Description

In the Linux kernel, the following vulnerability has been resolved:

Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS Analyzer Tool. The problem was in unfreed usb_coherent.

In mcba_usb_start() 20 coherent buffers are allocated and there is nothing, that frees them:

1) In callback function the urb is resubmitted and that's all 2) In disconnect function urbs are simply killed, but URB_FREE_BUFFER is not set (see mcba_usb_start) and this flag cannot be used with coherent buffers.

Fail log: | [ 1354.053291][ T8413] mcba_usb 1-1:0.0 can0: device disconnected | [ 1367.059384][ T8420] kmemleak: 20 new suspected memory leaks (see /sys/kernel/debug/kmem)

So, all allocated buffers should be freed with usb_free_coherent() explicitly

NOTE: The same pattern for allocating and freeing coherent buffers is used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c

Affected products

osv-coords89 versions
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_49&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2 pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_45&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_57&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 5.3.18-150300.59.164.1+ 88 more
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-16.188.1
- (no CPE)range: < 4.12.14-16.188.1
- (no CPE)range: < 5.3.18-150300.59.164.1.150300.18.96.1
- (no CPE)range: < 5.3.18-150200.24.194.1.150200.9.99.1
- (no CPE)range: < 5.3.18-150300.59.164.1.150300.18.96.1
- (no CPE)range: < 5.3.18-150300.59.164.1.150300.18.96.1
- (no CPE)range: < 5.3.18-150300.59.164.1.150300.18.96.1
- (no CPE)range: < 5.3.18-150200.24.194.1.150200.9.99.1
- (no CPE)range: < 5.3.18-150300.59.164.1.150300.18.96.1
- (no CPE)range: < 5.3.18-150200.24.194.1.150200.9.99.1
- (no CPE)range: < 5.3.18-150300.59.164.1.150300.18.96.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 1-150200.5.3.1
- (no CPE)range: < 1-150300.7.3.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-10.188.1
- (no CPE)range: < 5.3.18-150300.172.1
- (no CPE)range: < 5.3.18-150300.172.1
- (no CPE)range: < 4.12.14-10.188.1
- (no CPE)range: < 4.12.14-16.188.1
- (no CPE)range: < 4.12.14-16.188.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150300.172.1
- (no CPE)range: < 5.3.18-150300.172.1
- (no CPE)range: < 4.12.14-10.188.1
- (no CPE)range: < 4.12.14-16.188.1
- (no CPE)range: < 4.12.14-16.188.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-122.219.1
- (no CPE)range: < 5.3.18-150200.24.194.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 4.12.14-10.188.1
- (no CPE)range: < 5.3.18-150300.59.164.1
- (no CPE)range: < 1-8.3.1
Linux/Linuxcpe-rescue
Range: 4.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000