Bug 1194090 (CVE-2021-45480) - VUL-1: CVE-2021-45480: kernel-source,kernel-source-rt,kernel-source-azure: memory leak in the __rds_conn_create() function in net/rds/connection.c under certain circumstances
Summary: VUL-1: CVE-2021-45480: kernel-source,kernel-source-rt,kernel-source-azure: me...
Status: RESOLVED FIXED
Alias: CVE-2021-45480
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/318830/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-27 11:53 UTC by Carlos López
Modified: 2024-06-25 16:31 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2021-12-27 11:53:37 UTC 
CVE-2021-45480

An issue was discovered in the Linux kernel before 5.15.11. There is a memory
leak in the __rds_conn_create() function in net/rds/connection.c in a certain
combination of circumstances.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45480
https://github.com/torvalds/linux/commit/5f9562ebe710c307adc5f666bf1a2162ee7977c0
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
Comment 1 Carlos López 2021-12-27 11:54:16 UTC 
SLE15-SP4 branch affected. Already fixed in stable and master.

Bug introduced in:
https://github.com/torvalds/linux/commit/aced3ce57cd37b5ca332bcacd370d01f5a8c5371

Fixed in:
https://github.com/torvalds/linux/commit/5f9562ebe710c307adc5f666bf1a2162ee7977c0
Comment 6 Karasulli 2022-01-27 10:12:06 UTC 
This bug was introduced in kernel version v5.13-rc4 and was fixed in v5.16-rc6. So only branch that is affected is SLE15 SP4.
Comment 7 Karasulli 2022-01-28 08:31:17 UTC 
Patch causing the issue wasn't backported to other branches. So they aren't affected.
Comment 14 Carlos López 2022-06-09 10:58:50 UTC 
Done, closing.