The vulnerability, tracked as CVE-2021-47443, resides in the Linux kernel's NFC (Near Field Communication) digital subsystem. Specifically, it affects the `digital_tg_listen_mdaa()` function in `net/nfc/digital_core.c`. The issue arises from a possible memory leak due to improper error handling.
In the vulnerable code path, `params` is allocated in `digital_tg_listen_mdaa()`, but not freed when `digital_send_cmd()` fails. This leads to a memory leak, as the allocated memory is not released back to the system. To fix this issue, the `params` structure needs to be freed when `digital_send_cmd()` returns an error.
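The leak and its fix, as an added userspace model (not the kernel source and not code from the CVE announcement): every name ending in `_model`, the `live_params` counter and the `free_on_error` switch are hypothetical stand-ins for illustration. It assumes that a successful send hands ownership of `params` to the command path, so only the failure path needs the extra free.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: all names here are hypothetical stand-ins. */
struct mdaa_params_model { unsigned char nfcid1[3]; };
static int live_params; /* params buffers allocated and not yet freed */

static void put_params(struct mdaa_params_model *p) { free(p); live_params--; }

/* Stand-in for digital_send_cmd(). Assumption: on success the command path
 * owns params and frees it later (modelled as an immediate free); on failure
 * nothing was queued and the caller still owns params. */
static int send_cmd_model(struct mdaa_params_model *p, int fail)
{
    if (fail)
        return -ENOMEM;
    put_params(p);
    return 0;
}

/* One listen attempt. free_on_error=0 is the pre-fix shape, 1 the fixed one. */
static int listen_mdaa_model(int fail, int free_on_error)
{
    struct mdaa_params_model *params = calloc(1, sizeof(*params));
    int rc;

    if (!params)
        return -ENOMEM;
    live_params++;
    rc = send_cmd_model(params, fail);
    if (rc && free_on_error)
        put_params(params); /* the fix: release params on the error path */
    return rc;
}

/* Run `calls` attempts and return how many params buffers are still live. */
static int leaked_after(int calls, int fail, int free_on_error)
{
    live_params = 0;
    for (int i = 0; i < calls; i++)
        listen_mdaa_model(fail, free_on_error);
    return live_params;
}

int main(void)
{
    printf("pre-fix, 100 failed sends: %d leaked\n", leaked_after(100, 1, 0));
    printf("fixed,   100 failed sends: %d leaked\n", leaked_after(100, 1, 1));
    return 0;
}
```

Each failed send in the pre-fix shape strands one buffer, so the loss grows with the number of failures rather than being a one-time cost.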
The vulnerability was introduced in kernel version 3.13 with commit 1c7a4c24fbfd and has been fixed in various kernel versions, including 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, and 5.15. The fixes can be found in the corresponding commits listed in the CVE announcement.
The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are never tested alone and cherry-picking individual commits is not supported by the Linux kernel community. However, if updating to the latest release is impossible, the individual fixes can be applied from the provided commit links.