The vulnerability, tracked as CVE-2021-47417, is a memory leak in the `strset` functionality of the Linux kernel's `libbpf` library. When a `struct strset` is released, only its internal parts are freed; the struct itself is not. As a result, the struct remains allocated even after it is no longer needed.
The vulnerability was introduced in kernel version 5.13 with commit 90d76d3ececc and was fixed in kernel versions 5.14.12 with commit 9e8e7504e098 and 5.15 with commit b0e875bac0fa. The affected file is `tools/lib/bpf/strset.c`.
The recommended mitigation is to update to the latest stable kernel version, as individual changes are not tested or supported by the Linux kernel community. However, if updating to the latest release is impossible, the individual commits that resolve this issue can be found at the provided links.
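The leak pattern described above (internals freed, container not) can be reproduced in a small model. This is an added example, not libbpf source: `demo_set`, its fields, and the counting wrappers `xcalloc`/`xfree` are hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not libbpf code: a container with separately allocated internals. */
static long live_allocs; /* allocations made through the wrappers and not yet freed */
static void *xcalloc(size_t n, size_t sz) { void *p = calloc(n, sz); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct demo_set { char *data; long *index; }; /* hypothetical stand-in for struct strset */

static struct demo_set *demo_set_new(void) {
    struct demo_set *s = xcalloc(1, sizeof(*s));
    if (!s) return NULL;
    s->data = xcalloc(64, 1);
    s->index = xcalloc(16, sizeof(long));
    if (!s->data || !s->index) { xfree(s->data); xfree(s->index); xfree(s); return NULL; }
    return s;
}

/* Leaky pattern: the internals are released, the container is not. */
static void demo_set_free_leaky(struct demo_set *s) {
    if (!s) return;
    xfree(s->index);
    xfree(s->data);
}

/* Corrected pattern: the container is released as well. */
static void demo_set_free_fixed(struct demo_set *s) {
    if (!s) return;
    xfree(s->index);
    xfree(s->data);
    xfree(s);
}

/* Runs n create/free cycles; returns how many containers free_fn left allocated. */
static long leaked_after(int n, void (*free_fn)(struct demo_set *)) {
    long leaked = 0;
    for (int i = 0; i < n; i++) {
        struct demo_set *s = demo_set_new();
        if (!s) continue;
        long before = live_allocs;        /* container plus two internals are live */
        free_fn(s);
        if (before - live_allocs == 2) {  /* only the internals went away */
            leaked++;
            xfree(s);                     /* reclaim so the demo itself stays clean */
        }
    }
    return leaked;
}

int main(void) {
    printf("leaky: %ld\n", leaked_after(1000, demo_set_free_leaky));
    printf("fixed: %ld\n", leaked_after(1000, demo_set_free_fixed));
    return 0;
}
```

Each cycle through the leaky routine strands one container-sized allocation, which is why this kind of defect grows with the number of create/free cycles in a long-running process.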