Memory Leak Vulnerability in Linux Kernel for ETAS ES58X Products
CVE-2021-47671

3.3 LOW

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 17 April 2025

Summary

A memory leak was identified in the es58x_rx_err_msg() function of the Linux kernel's ETAS ES58X module. When the can->do_set_mode() call fails, the function returns directly without freeing the skb previously allocated by alloc_can_err_skb(). The skb is therefore leaked on that error path, potentially leading to performance degradation or resource exhaustion. The issue has been resolved by a patch, so that the skb is properly managed in error conditions as well.
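The leak pattern described above, as an added userspace example (not the kernel source and not the upstream patch): the allocator, the release helper, the fixed-size pool and model_do_set_mode() are hypothetical stand-ins for alloc_can_err_skb(), the skb free/hand-off and can->do_set_mode(). It shows that repeated failures on the leaky path exhaust the pool, while the corrected shape does not.

```c
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 8                    /* constructed: tiny pool so exhaustion is visible */
struct sk_buff { int in_use; };         /* stand-in, not the kernel type */
static struct sk_buff pool[POOL_SLOTS];

static struct sk_buff *model_alloc_err_skb(void)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;                        /* nothing left to hand out */
}
static void model_release_skb(struct sk_buff *skb) { skb->in_use = 0; }
/* Stand-in for can->do_set_mode(): fails with -EIO (-5) when asked to. */
static int model_do_set_mode(int fail) { return fail ? -5 : 0; }

/* Pattern from the summary: the direct return skips the release. */
static int rx_err_msg_leaky(int fail)
{
    struct sk_buff *skb = model_alloc_err_skb();
    if (!skb) return -12;               /* -ENOMEM */
    int ret = model_do_set_mode(fail);
    if (ret) return ret;                /* skb stays allocated: the leak */
    model_release_skb(skb);             /* models handing the skb to the RX path */
    return 0;
}
/* Corrected shape: every path after the allocation releases the skb. */
static int rx_err_msg_fixed(int fail)
{
    struct sk_buff *skb = model_alloc_err_skb();
    if (!skb) return -12;
    int ret = model_do_set_mode(fail);
    model_release_skb(skb);             /* freed on error, handed off on success */
    return ret;
}
/* Reset the pool, call fn `calls` times, return the last return code. */
static int run(int (*fn)(int), int fail, int calls)
{
    int ret = 0;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < calls; i++) ret = fn(fail);
    return ret;
}

int main(void)
{
    printf("leaky: last ret %d\n", run(rx_err_msg_leaky, 1, POOL_SLOTS + 1));
    printf("fixed: last ret %d\n", run(rx_err_msg_fixed, 1, 1000));
    return 0;
}
```

Once the leaky path has consumed every slot, even a call where the mode change would succeed fails at allocation, which is the resource-exhaustion outcome the summary mentions.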

Affected Version(s)

Linux 8537257874e949a59c834cecfd5a063e11b64b0b < 4f389e1276a5389c92cef860c9fde8e1c802a871

Linux 8537257874e949a59c834cecfd5a063e11b64b0b < 7eb0881aec26099089f12ae850aebd93190b1dfe

Linux 8537257874e949a59c834cecfd5a063e11b64b0b

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
