{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47020", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.954Z", "datePublished": "2024-02-29T22:31:14.086Z", "dateUpdated": "2024-12-19T07:33:43.869Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:33:43.869Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soundwire/stream.c"], "versions": [{"version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "342260fe821047c3d515e3d28085d73fbdce3e80", "status": "affected", "versionType": "git"}, {"version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "870533403ffa28ff63e173045fc5369365642002", "status": "affected", "versionType": "git"}, {"version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "7c468deae306d0cbbd539408c26cfec04c66159a", "status": "affected", "versionType": "git"}, {"version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "2f17ac005b320c85d686088cfd4c2e7017912b88", "status": "affected", "versionType": "git"}, {"version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "effd2bd62b416f6629e18e3ce077c60de14cfdea", "status": "affected", "versionType": "git"}, {"version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "48f17f96a81763c7c8bf5500460a359b9939359f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soundwire/stream.c"], "versions": [{"version": "4.18", "status": "affected"}, {"version": "0", "lessThan": "4.18", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.191", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.119", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80"}, {"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002"}, {"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a"}, {"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88"}, {"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea"}, {"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f"}], "title": "soundwire: stream: fix memory leak in stream config error path", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:38:20.510292Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:35.139Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.637Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.637Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:38:20.510292Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.404Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "soundwire: stream: fix memory leak in stream config error path", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "342260fe821047c3d515e3d28085d73fbdce3e80", "versionType": "git"}, {"status": "affected", "version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "870533403ffa28ff63e173045fc5369365642002", "versionType": "git"}, {"status": "affected", "version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "7c468deae306d0cbbd539408c26cfec04c66159a", "versionType": "git"}, {"status": "affected", "version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "2f17ac005b320c85d686088cfd4c2e7017912b88", "versionType": "git"}, {"status": "affected", "version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "effd2bd62b416f6629e18e3ce077c60de14cfdea", "versionType": "git"}, {"status": "affected", "version": "89e590535f32d4bc548bcf266f3b046e50942f6d", "lessThan": "48f17f96a81763c7c8bf5500460a359b9939359f", "versionType": "git"}], "programFiles": ["drivers/soundwire/stream.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.18"}, {"status": "unaffected", "version": "0", "lessThan": "4.18", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.191", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.119", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/soundwire/stream.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80"}, {"url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002"}, {"url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a"}, {"url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88"}, {"url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea"}, {"url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:33:43.869Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47020", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:33:43.869Z", "dateReserved": "2024-02-27T18:42:55.954Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T22:31:14.086Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D5BE6B8-83E1-489C-BEB7-8A966A4E0E2C", "versionEndExcluding": "4.19.191", "versionStartIncluding": "4.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07BA880-1043-4674-AC45-266B3B4A44C7", "versionEndExcluding": "5.4.119", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E", "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: stream: corrige la p\u00e9rdida de memoria en la ruta de error de configuraci\u00f3n de stream Cuando falla la configuraci\u00f3n de stream, el tiempo de ejecuci\u00f3n maestro liberar\u00e1 todo el tiempo de ejecuci\u00f3n esclavo en Slave_rt_list, pero el tiempo de ejecuci\u00f3n esclavo no se agrega a la lista. en este momento. Este parche libera el tiempo de ejecuci\u00f3n esclavo en la ruta del error de configuraci\u00f3n para corregir la p\u00e9rdida de memoria."}], "id": "CVE-2021-47020", "lastModified": "2024-12-10T17:03:24.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-29T23:15:07.357", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: soundwire: stream: fix memory leak in stream config error path", "id": "2267202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267202"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsoundwire: stream: fix memory leak in stream config error path\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."], "name": "CVE-2021-47020", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47020\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47020\nhttps://lore.kernel.org/linux-cve-announce/2024022920-CVE-2021-47020-78d9@gregkh/T/#u"], "threat_severity": "Low"}