CVE-2021-47344

media: zr364xx: fix memory leak in zr364xx_start_readpipe

Description

In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xx_start_readpipe syzbot reported memory leak in zr364xx driver. The problem was in non-freed urb in case of usb_submit_urb() fail. backtrace: [<ffffffff82baedf6>] kmalloc include/linux/slab.h:561 [inline] [<ffffffff82baedf6>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74 [<ffffffff82f7cce8>] zr364xx_start_readpipe+0x78/0x130 drivers/media/usb/zr364xx/zr364xx.c:1022 [<ffffffff84251dfc>] zr364xx_board_init drivers/media/usb/zr364xx/zr364xx.c:1383 [inline] [<ffffffff84251dfc>] zr364xx_probe+0x6a3/0x851 drivers/media/usb/zr364xx/zr364xx.c:1516 [<ffffffff82bb6507>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<ffffffff826018a9>] really_probe+0x159/0x500 drivers/base/dd.c:576

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c57b2bd3247925e253729dce283d6bf6abc9339d patch
https://git.kernel.org/stable/c/bbc80a972a3c5d7eba3f6c9c07af8fea42f5c513 patch
https://git.kernel.org/stable/c/b0633051a6cb24186ff04ce1af99c7de18c1987e patch
https://git.kernel.org/stable/c/021c294dff030f3ba38eb81e400ba123db32ecbc patch
https://git.kernel.org/stable/c/0edd6759167295ea9969e89283b81017b4c688aa patch
https://git.kernel.org/stable/c/c57bfd8000d7677bf435873b440eec0c47f73a08 patch
https://git.kernel.org/stable/c/5f3f81f1c96b501d180021c23c25e9f48eaab235 patch
https://git.kernel.org/stable/c/d69b39d89f362cfeeb54a68690768d0d257b2c8f patch
https://git.kernel.org/stable/c/0a045eac8d0427b64577a24d74bb8347c905ac65 patch

Frequently Asked Questions

What is the severity of CVE-2021-47344?
CVE-2021-47344 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47344?
To fix CVE-2021-47344, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47344 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47344 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47344?
CVE-2021-47344 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.