| **CVE-2021-47237: Memory Leak in Linux Kernel** |
| |
| A memory leak vulnerability has been discovered in the Linux kernel, affecting versions from 2.6.14 to 5.13. The issue occurs in the `mkiss_open` function in `drivers/net/hamradio/mkiss.c`, which is responsible for opening an MKISS (Mikrotik Kernel ISS) device. An object allocated with `kvmalloc_node` is left unreferenced, which results in a memory leak. |
| |
| The bug was introduced in commit 815f62bf7427 and has been fixed in various kernel versions, including 4.4.274, 4.9.274, 4.14.238, 4.19.196, 5.4.128, 5.10.46, and 5.12.13. The vulnerability can be triggered by calling the `tty_ioctl` function with a specific argument, which leads to the allocation of an unreferenced object. |
| |
| The Linux kernel CVE team recommends updating to the latest stable kernel version, which fixes this issue along with other bugs. If updating is not possible, individual changes can be cherry-picked from the commits listed in the mitigation section. However, the Linux kernel community does not support or recommend cherry-picking individual commits. |
| |
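
To triage hosts against the fixed releases listed above, the following added example (not part of the original advisory or of any kernel tooling) classifies a `uname -r` style release string by stable branch. It assumes that 5.13 and later contain the fix; the names `classify`, `parse_release` and the result labels are hypothetical, and the sample strings are constructed.

```python
import re

# Per-branch first fixed stable release, copied from the advisory text above.
FIXED_PATCH = {(4, 4): 274, (4, 9): 274, (4, 14): 238, (4, 19): 196,
               (5, 4): 128, (5, 10): 46, (5, 12): 13}
FIRST_AFFECTED = (2, 6, 14)      # lower bound stated in the advisory
FIRST_FIXED_MAINLINE = (5, 13)   # assumption: 5.13 and later carry the fix


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def classify(release):
    """Classify an upstream kernel release against the advisory's versions.

    Distribution kernels often backport fixes without changing the upstream
    version number, so an "affected" result for a vendor kernel means
    "check the vendor's advisory", not "confirmed vulnerable".
    """
    major, minor, patch = parse_release(release)
    if (major, minor, patch) < FIRST_AFFECTED:
        return "not-affected"
    if (major, minor) >= FIRST_FIXED_MAINLINE:
        return "fixed"
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        # Branch is in the affected range but has no fixed release listed.
        return "affected-no-listed-fix"
    return "fixed" if patch >= fixed_patch else "affected"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real host.
    for sample in ("4.4.273", "4.19.196", "5.10.45", "5.10.46-custom",
                   "5.11.22", "5.13.0", "2.6.13"):
        print(f"{sample:16} {classify(sample)}")
```

A branch reported as `affected-no-listed-fix` (for example an end-of-life series) has no fixed release in the list above, so the remediation is a move to a maintained branch.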