| The vulnerability, tracked as CVE-2021-47426, is a potential memory leak in the Linux kernel's BPF (Berkeley Packet Filter) JIT (Just-In-Time) compiler for the s390 architecture. The issue arises when the `jit_data` structure is not properly freed in the error path of the JIT compilation process. |
| |
| The problem was introduced in kernel version 5.4 with commit 1c8f9b91c456 and has been fixed in various subsequent kernel releases, including 5.4.153, 5.10.73, 5.14.12, and 5.15. The affected file is `arch/s390/net/bpf_jit_comp.c`. |
| |
| The fix involves ensuring that the `jit_data` structure is properly freed using `kfree()` in the error path of the JIT compilation process. This prevents a potential memory leak, which could be exploited by an attacker to cause a denial-of-service or other malicious behavior. |
| |
| The Linux kernel CVE team recommends updating to the latest stable kernel version to fix this issue, as well as many other bugfixes. Individual changes are not tested alone and cherry-picking individual commits is not recommended or supported by the Linux kernel community. |
| |
