| CVE-2021-47295 is a memory leak in the Linux kernel that involves `tcindex_set_parms()` and, specifically, `tcindex_partial_destroy_work()`, the destroy function for the old `tcindex_data`. When a new `tcindex_data` structure is allocated, some fields are copied from the old one, but not the perfect hash. The old structure's perfect hash is then never freed, which leaks memory. |
| |
| The problem was introduced in kernel version 3.18 with commit 331b72922c5f and fixed in various kernel versions, including 5.4.136, 5.10.54, 5.13.6, and 5.14. The affected file is `net/sched/cls_tcindex.c`. |
| |
| The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking commits is not supported by the Linux kernel community. However, if updating is impossible, the individual changes can be found in the specified commit hashes. |
| |
| In technical terms, the memory leak occurs because the `tcindex_data` structure contains a perfect hash that is not freed when the old `tcindex_data` is replaced with a new one. The `tcindex_partial_destroy_work()` function is responsible for freeing the resources associated with the old `tcindex_data`, but it does not free the perfect hash, leading to a memory leak. |
| |
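
The ownership mistake described above, as a userspace model added here for illustration (not kernel code and not the upstream patch). `struct model_data`, its fields, and every function name are simplified assumptions, and an allocation counter stands in for a leak detector.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs; /* outstanding allocations, so a leak is countable */

static void *track_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void track_free(void *p) {
    if (p) { live_allocs--; free(p); }
}

/* Simplified stand-in for tcindex_data; field names are assumptions. */
struct model_data {
    unsigned int hash;  /* number of slots in perfect[] */
    int *perfect;       /* models the perfect hash owned by this object */
};

/* Models the replace step: some fields are copied, the perfect hash is not. */
static struct model_data *model_set_parms(const struct model_data *old) {
    struct model_data *cp = track_alloc(sizeof(*cp));
    if (cp) cp->hash = old->hash; /* cp->perfect stays NULL in this model */
    return cp;
}

/* Pre-fix destroy work for the old object: frees the container only. */
static void destroy_work_leaky(struct model_data *p) { track_free(p); }

/* Post-fix destroy work: release the perfect hash, then the container. */
static void destroy_work_fixed(struct model_data *p) {
    track_free(p->perfect);
    track_free(p);
}

/* One replace cycle; returns allocations still live afterwards, -1 on OOM. */
static int leaked_after_replace(int fixed) {
    live_allocs = 0;
    struct model_data *old = track_alloc(sizeof(*old));
    if (!old) return -1;
    old->hash = 16;
    old->perfect = track_alloc(old->hash * sizeof(int));
    struct model_data *cp = model_set_parms(old);
    if (!old->perfect || !cp) return -1;
    if (fixed) destroy_work_fixed(old); else destroy_work_leaky(old);
    destroy_work_fixed(cp); /* the new object is torn down completely */
    return live_allocs;
}

int main(void) {
    printf("leaky: %d, fixed: %d\n", leaked_after_replace(0), leaked_after_replace(1));
    return 0;
}
```

In the leaky variant one allocation survives each replace cycle, which is why repeated reconfiguration grows memory use until the fixed destroy path is in place.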