AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-47231: In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot

mediumvulnerability

security

Source: NVD/CVE DatabaseMay 21, 2024CVE-2021-47231

Summary

A memory leak was found in the Linux kernel's SocketCAN driver for Microchip CAN BUS Analyzer Tool, where 20 USB coherent buffers (memory blocks allocated for direct USB communication) were allocated in the mcba_usb_start() function but never freed, causing memory to be wasted when the device disconnected. The issue occurred because the disconnect function simply stopped the USB requests without properly deallocating the coherent buffers.

Solution / Mitigation

All allocated buffers should be freed with usb_free_coherent() explicitly. The source notes that the same correct pattern for allocating and freeing coherent buffers is used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-401

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-47231

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%