CVE-2021-45480 in Linuxinfo

Summary

by MITRE • 12/25/2021

An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 02/11/2025

The vulnerability identified as CVE-2021-45480 represents a memory leak flaw within the Linux kernel's Reliable Datagram Sockets (RDS) implementation that affects versions prior to 5.15.11. This issue resides in the __rds_conn_create() function located in the net/rds/connection.c file, where specific combinations of operational conditions trigger uncontrolled memory consumption. The RDS protocol is designed for high-performance communication between nodes in cluster environments, particularly in Oracle RAC and similar distributed database systems where low-latency messaging is critical for maintaining system integrity and performance. The memory leak occurs during connection establishment processes when the kernel fails to properly release allocated memory structures, leading to gradual memory exhaustion over time.

The technical nature of this vulnerability stems from improper memory management within the RDS connection creation pathway where allocated kernel memory structures are not consistently freed when connection establishment fails or encounters specific error conditions. This memory leak manifests as a gradual accumulation of unreleased memory pages that cannot be reclaimed by the system's memory management subsystem. The flaw is particularly concerning because it operates at the kernel level where memory exhaustion can lead to system instability, reduced performance, or complete system crashes. The vulnerability is classified under CWE-401 as a failure to release memory resources, which directly maps to the memory leak pattern observed in this kernel component.

From an operational perspective, this vulnerability poses significant risks to systems running affected Linux kernel versions, especially in high-availability environments where continuous operation is critical. The memory leak accumulates over time, potentially leading to system resource exhaustion where the kernel cannot allocate additional memory for legitimate operations. This can result in service degradation, application failures, or complete system hangs that require manual intervention to resolve through system reboot. The impact is particularly severe in clustered database environments where RDS is commonly used, as it can compromise the reliability of critical database operations and affect data consistency across distributed systems. Network administrators may observe gradual performance degradation before complete system failure occurs.

Mitigation strategies for CVE-2021-45480 focus primarily on kernel version updates to 5.15.11 or later, which contain the patched implementation of the __rds_conn_create() function with proper memory cleanup procedures. Organizations should prioritize patching affected systems, particularly those running database clusters or high-performance computing environments where RDS functionality is utilized. System monitoring should include memory usage tracking to detect early signs of memory leak accumulation, though this represents a reactive approach rather than prevention. Alternative solutions may include limiting RDS usage in affected systems or implementing memory pressure monitoring tools to detect resource exhaustion before complete system failure occurs. The ATT&CK framework categorizes this vulnerability under privilege escalation and resource exhaustion techniques where adversaries could potentially exploit such memory leaks to cause denial of service conditions, making it a critical security concern for enterprise environments.

Reservation

12/24/2021

Disclosure

12/25/2021

Moderation

accepted

CPE

ready

EPSS

0.00353

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!