#VU104404 Memory leak in Linux kernel - CVE-2021-47643


Vulnerability identifier: #VU104404

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47643

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the irtoy_probe() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/2011363c196846c083649c91ed30aeef64358d52
https://git.kernel.org/stable/c/382e0f6958ef34eb093127b6d74c12f3b8fd0904
https://git.kernel.org/stable/c/52cdb013036391d9d87aba5b4fc49cdfc6ea4b23
https://git.kernel.org/stable/c/93ef3fdf3b6633c58f049e5a6be755777dde4340
https://git.kernel.org/stable/c/99e3f83539cac6884a4df02cb204a57a184ea12b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

