CVE-2021-47344: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

media: zr364xx: fix memory leak in zr364xx_start_readpipe

syzbot reported memory leak in zr364xx driver. The problem was in non-freed urb in case of usb_submit_urb() fail.

backtrace:
  [<ffffffff82baedf6>] kmalloc include/linux/slab.h:561 [inline]
  [<ffffffff82baedf6>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
  [<ffffffff82f7cce8>] zr364xx_start_readpipe+0x78/0x130 drivers/media/usb/zr364xx/zr364xx.c:1022
  [<ffffffff84251dfc>] zr364xx_board_init drivers/media/usb/zr364xx/zr364xx.c:1383 [inline]
  [<ffffffff84251dfc>] zr364xx_probe+0x6a3/0x851 drivers/media/usb/zr364xx/zr364xx.c:1516
  [<ffffffff82bb6507>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
  [<ffffffff826018a9>] really_probe+0x159/0x500 drivers/base/dd.c:576
AI Analysis
Technical Summary
CVE-2021-47344 is a memory leak in the Linux kernel's zr364xx USB media driver, caused by improper handling of USB Request Blocks (URBs) in the function zr364xx_start_readpipe. When usb_submit_urb() fails, the driver does not free the URB it allocated, so that memory is leaked. The vulnerability was reported by syzbot, an automated kernel fuzzing tool, and the backtrace shows the problem occurring during initialization and probing of the zr364xx device driver. This driver supports certain USB-based media devices, and the leak is in an error path: under certain failure conditions, memory allocated for USB communication is not released. While this does not directly indicate remote code execution or privilege escalation, memory leaks can degrade system stability and could potentially be leveraged in complex attack scenarios to exhaust system resources or assist in further exploitation. The vulnerability affects specific versions of the Linux kernel identified by the commit hash ccbf035ae5de4c535160fc99f73feb44cc55b534. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
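The error path described above, modelled in userspace as an added example (not the kernel's or the driver's own code): the `model_*` functions, `struct read_pipe` and the `start_readpipe_*` names are hypothetical stand-ins for the URB API and the driver function, with a counter taking the place of a leak detector.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the kernel URB API; not kernel code. */
struct urb { int unused; };
struct read_pipe { struct urb *urb; };  /* assumed name, for illustration */
static int live_urbs;     /* URBs allocated and not yet freed */
static int submit_fails;  /* knob: force the submit error path */

static struct urb *model_alloc_urb(void) {
    struct urb *u = calloc(1, sizeof(*u));
    if (u) live_urbs++;
    return u;
}
static void model_free_urb(struct urb *u) {
    if (u) { free(u); live_urbs--; }
}
static int model_submit_urb(struct urb *u) {
    (void)u;
    return submit_fails ? -ENOMEM : 0;
}

/* Pre-fix shape: the error return leaves the URB allocated. */
static int start_readpipe_leaky(struct read_pipe *p) {
    p->urb = model_alloc_urb();
    if (!p->urb) return -ENOMEM;
    return model_submit_urb(p->urb);    /* on failure nobody frees p->urb */
}

/* Fixed shape: release the URB and clear the pointer on submit failure. */
static int start_readpipe_fixed(struct read_pipe *p) {
    p->urb = model_alloc_urb();
    if (!p->urb) return -ENOMEM;
    int ret = model_submit_urb(p->urb);
    if (ret) { model_free_urb(p->urb); p->urb = NULL; }
    return ret;
}

/* Run n probe attempts whose submit fails; return URBs still allocated. */
static int leaked_after(int (*start)(struct read_pipe *), int n) {
    live_urbs = 0;
    submit_fails = 1;
    for (int i = 0; i < n; i++) { struct read_pipe p = { NULL }; start(&p); }
    return live_urbs;
}

int main(void) {
    printf("leaky=%d fixed=%d\n", leaked_after(start_readpipe_leaky, 100),
           leaked_after(start_readpipe_fixed, 100));
    return 0;
}
```

Each failed attempt in the leaky variant leaves one allocation outstanding, which is why repeated probe failures add up over time.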
Potential Impact
For European organizations, the primary impact of this vulnerability is on systems running Linux kernels with the affected zr364xx USB media driver, particularly those using USB media devices supported by this driver. The memory leak could lead to gradual degradation of system performance or stability, especially on systems with prolonged uptime or heavy USB media device usage. In critical infrastructure or industrial environments where Linux systems are used for media capture or processing, this could cause service interruptions or require unplanned reboots. While the vulnerability does not currently appear to allow direct compromise of confidentiality or integrity, denial of service through resource exhaustion is a plausible risk. Organizations relying on embedded Linux devices or specialized USB media hardware may be more affected. Since no known exploits exist in the wild, the immediate risk is low, but the presence of a memory leak in kernel space warrants timely patching to avoid potential escalation or exploitation in the future.
Mitigation Recommendations
European organizations should prioritize updating Linux kernels to versions where this vulnerability is patched. Since the issue is in the zr364xx USB media driver, organizations should audit their systems to identify usage of this driver or related USB media devices. If the devices are not in use, disabling or blacklisting the zr364xx driver can mitigate exposure. For systems where the driver is required, ensure kernel updates are applied promptly. Monitoring system logs for usb_submit_urb failures and unusual memory usage patterns can help detect potential exploitation attempts or system instability. Additionally, organizations should implement strict USB device control policies to limit the use of unauthorized USB devices, reducing the attack surface. In environments where patching is delayed, consider isolating affected systems or limiting their network exposure to reduce risk.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T14:28:16.980Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9835c4522896dcbea50f
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 10:37:19 AM
Last updated: 7/29/2025, 6:04:50 AM