CVE-2021-45480Missing Release of Memory after Effective Lifetime in Kernel

CWE-401Missing Release of Memory after Effective Lifetime16 documents7 sources
Severity
5.5MEDIUMNVD
OSV6.5OSV4.7
EPSS
0.1%
top 75.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux KernelDebian LinuxDebian Linux+4 more
Timeline
PublishedDec 24
Latest updateApr 13

Description

An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDlinux/linux_kernel< 5.15.11
Debianlinux/linux_kernel< 5.10.92-1+3
Ubuntulinux/linux_kernel< 5.4.0-105.119
debiandebian/linux< linux 5.15.15-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

7
OSV
linux-bluefield vulnerabilities2022-04-13
OSV
linux-azure-5.13, linux-oracle-5.13 vulnerabilities2022-04-06
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, lnux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.42022-03-22
OSV
linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities2022-03-22
OSV
linux-oem-5.14 vulnerabilities2022-02-09

📋Vendor Advisories

8
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel (OEM) vulnerabilities2022-02-09
CVE-2021-45480 — Linux Kernel vulnerability | cvebase