SB2024053067 - Memory leak in Linux kernel usb zr364xx driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2021-47344)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/c57b2bd3247925e253729dce283d6bf6abc9339d
• https://git.kernel.org/stable/c/bbc80a972a3c5d7eba3f6c9c07af8fea42f5c513
• https://git.kernel.org/stable/c/b0633051a6cb24186ff04ce1af99c7de18c1987e
• https://git.kernel.org/stable/c/021c294dff030f3ba38eb81e400ba123db32ecbc
• https://git.kernel.org/stable/c/0edd6759167295ea9969e89283b81017b4c688aa
• https://git.kernel.org/stable/c/c57bfd8000d7677bf435873b440eec0c47f73a08
• https://git.kernel.org/stable/c/5f3f81f1c96b501d180021c23c25e9f48eaab235
• https://git.kernel.org/stable/c/d69b39d89f362cfeeb54a68690768d0d257b2c8f
• https://git.kernel.org/stable/c/0a045eac8d0427b64577a24d74bb8347c905ac65
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.240
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.133