CVE-2021-47024 - pub/scm/linux/kernel/git/sashal/vulns-desc - Git at Google

 The vulnerability CVE-2021-47024 occurs in the Linux kernel's vsock/virtio implementation, specifically when closing a socket. When a socket is closed, the queued packets are not properly freed, leading to a memory leak. This issue was partially addressed by commit ac03046ece2b, but it was incomplete as it did not drain the RX queue when the socket is definitely closed.

 To fully resolve this issue, the new function virtio_transport_remove_sock() is used to drain the RX queue before removing the socket from the af_vsock lists by calling vsock_remove_sock(). This ensures that all queued packets are properly freed when a socket is closed, preventing memory leaks.

 The affected files include net/vmw_vsock/virtio_transport_common.c. The issue was introduced in kernel version 5.2 with commit ac03046ece2b and has been fixed in various subsequent kernel versions, including 5.10.37, 5.11.21, 5.12.4, and 5.13. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as cherry-picking individual commits is not recommended or supported by the Linux kernel community.
	The vulnerability CVE-2021-47024 occurs in the Linux kernel's vsock/virtio implementation, specifically when closing a socket. When a socket is closed, the queued packets are not properly freed, leading to a memory leak. This issue was partially addressed by commit ac03046ece2b, but it was incomplete as it did not drain the RX queue when the socket is definitely closed.

	To fully resolve this issue, the new function virtio_transport_remove_sock() is used to drain the RX queue before removing the socket from the af_vsock lists by calling vsock_remove_sock(). This ensures that all queued packets are properly freed when a socket is closed, preventing memory leaks.

	The affected files include net/vmw_vsock/virtio_transport_common.c. The issue was introduced in kernel version 5.2 with commit ac03046ece2b and has been fixed in various subsequent kernel versions, including 5.10.37, 5.11.21, 5.12.4, and 5.13. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as cherry-picking individual commits is not recommended or supported by the Linux kernel community.