CVE-2021-47442

NFC: digital: fix possible memory leak in digital_in_send_sdd_req()

Description

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_in_send_sdd_req() 'skb' is allocated in digital_in_send_sdd_req(), but not free when digital_in_send_cmd() failed, which will cause memory leak. Fix it by freeing 'skb' if digital_in_send_cmd() return failed.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/74569c78aa84f8c958f1334b465bc530906ec99a patch
https://git.kernel.org/stable/c/88c890b0b9a1fb9fcd01c61ada515e8b636c34f9 patch
https://git.kernel.org/stable/c/fcce6e5255474ca33c27dda0cdf9bf5087278873 patch
https://git.kernel.org/stable/c/071bdef36391958c89af5fa2172f691b31baa212 patch
https://git.kernel.org/stable/c/2bde4aca56db9fe25405d39ddb062531493a65db patch
https://git.kernel.org/stable/c/50cb95487c265187289810addec5093d4fed8329 patch
https://git.kernel.org/stable/c/6432d7f1d1c3aa74cfe8f5e3afdf81b786c32e86 patch
https://git.kernel.org/stable/c/291c932fc3692e4d211a445ba8aa35663831bac7 patch

Frequently Asked Questions

What is the severity of CVE-2021-47442?
CVE-2021-47442 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47442?
To fix CVE-2021-47442, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47442 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47442 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47442?
CVE-2021-47442 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.