Bug 1224975 (CVE-2021-47295)

Summary: VUL-0: CVE-2021-47295: kernel: net: sched: fix memory leak in tcindex_partial_destroy_work
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Michal Koutný <mkoutny>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, mkoutny
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/406929/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1219397
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47295:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-05-22 12:35:18 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: sched: fix memory leak in tcindex_partial_destroy_work

Syzbot reported memory leak in tcindex_set_parms(). The problem was in
non-freed perfect hash in tcindex_partial_destroy_work().

In tcindex_set_parms() new tcindex_data is allocated and some fields from
old one are copied to new one, but not the perfect hash. Since
tcindex_partial_destroy_work() is the destroy function for old
tcindex_data, we need to free perfect hash to avoid memory leak.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47295
https://www.cve.org/CVERecord?id=CVE-2021-47295
https://git.kernel.org/stable/c/8d7924ce85bae64e7a67c366c7c50840f49f3a62
https://git.kernel.org/stable/c/8e9662fde6d63c78eb1350f6167f64c9d71a865b
https://git.kernel.org/stable/c/cac71d27745f92ee13f0ecc668ffe151a4a9c9b1
https://git.kernel.org/stable/c/f5051bcece50140abd1a11a2d36dc3ec5484fc32
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47295.mbox