Bugzilla – Bug 1221970
VUL-0: CVE-2021-47158: kernel: net: dsa: sja1105: add error handling in sja1105_setup()
Last modified: 2024-07-02 07:14:49 UTC
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can't just return in the middle of sja1105_setup() or memory will leak. Add a cleanup path. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47158 https://www.cve.org/CVERecord?id=CVE-2021-47158 https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563 https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0 https://bugzilla.redhat.com/show_bug.cgi?id=2271474
Offending commit (8aa9ebccae87) found in: - ALP-current - cve/linux-5.3-LTSS - cve/linux-5.14-LTSS - SLE15-SP2-LTSS - SLE15-SP3-LTSS - SLE15-SP4-LTSS - SLE15-SP5 - SLE15-SP6 - stable Fixing commit (cec279a898a3) found in: - ALP-current - cve/linux-5.14-LTSS - SLE15-SP4-LTSS - SLE15-SP5 - SLE15-SP6 - stable Tracking as affected: - cve/linux-5.3-LTSS - SLE15-SP2-LTSS - SLE15-SP3-LTSS
This only affects LTSS but it is low score(<7) and really low impact. From our point of view, we shouldn't handle it. Back to the security team.