| The vulnerability, tracked as CVE-2021-46924, is a memory leak in the NFC (Near Field Communication) st21nfca driver. Specifically, when the device probe or remove functions are called, the `phy->pending_skb` object is allocated but not freed in error handling paths, leading to a memory leak. |
| |
| The issue was introduced in kernel version 3.16 with commit 68957303f44a and has been fixed in multiple subsequent versions, including 4.14.261, 4.19.224, 5.4.170, 5.10.90, 5.15.13, and 5.16. |
| |
| The affected file is `drivers/nfc/st21nfca/i2c.c`. The fix involves freeing the `pending_skb` object in error and remove paths to prevent the memory leak. |
| |
| To mitigate this issue, it is recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the provided commit hashes. However, the Linux kernel community does not support or recommend cherry-picking individual commits, as they are only tested as part of a larger kernel release. |
| |
