LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47180: NFC: nci: fix memory leak in nci_allocate_device

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

CVE-2021-47180 is a Linux kernel memory leak in the NFC NCI path. The issue occurs when an NFC device allocation leaves the hci_dev object unfreed during cleanup. Business impact is mainly potential resource exhaustion on systems using the affected NFC driver path, not direct data theft or remote takeover based on the supplied sources.

Executive priority

Treat as routine kernel hygiene unless NFC support is broadly enabled on exposed endpoint fleets. Patch through normal kernel update channels, with higher priority for systems using NFC hardware or untrusted USB peripherals.

Technical view

The Linux NFC NCI implementation leaked memory allocated by nci_hci_allocate when nci_allocate_device cleanup later reached nfcmrvl_disconnect. The resolved change frees hci_dev in nci_free_device. The provided trace involves the nfcmrvl USB NFC driver during device probing. No CVSS, CWE, or exploit evidence is supplied.

Likely exposure

Exposure appears limited to Linux systems with affected kernel versions and NFC NCI/nfcmrvl functionality present or usable. Servers without NFC hardware, disabled NFC support, or kernels carrying the stable fixes are unlikely to be exposed through the described path.

Exploitation context

The source bundle does not report active exploitation, and KEV is false. The evidence describes a kernel memory leak discovered from a bug trace, likely requiring interaction with the affected NFC device path. No public weaponization details are provided in the supplied sources.

Researcher notes

Affected version data in the bundle is sparse and commit-oriented. The trace points to net/nfc/nci and drivers/nfc/nfcmrvl USB probing. Validation should focus on kernel provenance and NFC driver reachability rather than assuming broad Linux exposure.

Mitigation direction

  • Apply vendor kernel updates that include the referenced stable fixes.
  • Prioritize systems where NFC or nfcmrvl USB NFC support is enabled.
  • Disable unused NFC support where operationally acceptable.
  • Check vendor advisories for distribution-specific fixed kernel versions.

Validation and detection

  • Inventory Linux kernel versions across managed endpoints and appliances.
  • Check whether NFC, NCI, or nfcmrvl modules are built or loaded.
  • Confirm the running kernel includes the relevant stable fix commit.
  • Review kernel update status against vendor security packages.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47180 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8, 11f54f228643d0248ec00ce8c9fb8d872f87e7b8unaffected
LinuxLinux4.0, 0, 4.4.271, 4.9.271, 4.14.235, 4.19.193, 5.4.123, 5.10.41, 5.12.8, 5.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.