CVE-2021-47119 in Linuxinfo

Summary

by MITRE • 03/15/2024

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leak in ext4_fill_super

Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked.

If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksize() didn't fully free superblock page and buffer head, and being busy, they were not freed and instead leaked.

This can easily be reproduced by calling an infinite loop of:

systemctl start .mount, and systemctl stop .mount

... since systemd creates a cgroup for each slice which it mounts, and the bh leak get amplified by a dying memory cgroup that also never gets freed, and memory consumption is much more easily noticed.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/04/2025

The vulnerability CVE-2021-47119 represents a critical memory management flaw in the Linux kernel's ext4 filesystem implementation that manifests as a persistent memory leak during superblock handling operations. This issue specifically affects the ext4_fill_super function where buffer head references are not properly released before invoking the kill_bdev() function. The root cause stems from improper resource cleanup within the filesystem initialization process, creating a scenario where buffer head structures and their associated page cache memory remain allocated even after the device has been marked for destruction. The vulnerability operates through a sequence where sb_set_blocksize() function calls kill_bdev() to clear existing buffers and page cache, but fails to completely free all referenced memory structures, leaving buffer heads in a busy state that prevents their subsequent deallocation.

The technical exploitation of this vulnerability occurs when filesystem block sizes differ during superblock reinitialization, triggering the problematic code path where buffer head references are not properly dereferenced before kill_bdev() execution. When the superblock undergoes reinitialization with correct blocksize parameters, the existing buffer head structures remain in memory due to incomplete cleanup operations within the sb_set_blocksize() function. This creates a memory leak that accumulates over time as the system performs repeated mount and unmount operations, with each cycle contributing to additional unreleased buffer head structures. The memory leak is particularly exacerbated by systemd's cgroup management practices where each mount operation creates dedicated memory cgroups that also fail to clean up properly, amplifying the memory consumption impact. The vulnerability is characterized by CWE-401 Memory Leak, which specifically addresses the failure to release memory resources after their use, and aligns with ATT&CK technique T1490 Inhibit System Recovery by consuming system resources through memory leaks that degrade system performance over time.

The operational impact of this vulnerability extends beyond simple memory consumption, creating a persistent degradation of system performance that can eventually lead to system instability or resource exhaustion. The memory leak becomes particularly noticeable under continuous mount/unmount operations such as those generated by systemd's mount management, where the infinite loop of systemctl start and stop commands creates a sustained memory pressure that is easily detectable through standard system monitoring tools. The vulnerability's amplification through memory cgroup management means that the leak is not isolated to a single process or operation but rather accumulates across multiple system components, making the impact more severe and harder to isolate. This type of resource leak represents a significant concern for long-running systems and server environments where sustained mount operations are common, as it can lead to gradual performance degradation, increased swap usage, and potential system crashes due to memory exhaustion. The vulnerability demonstrates how seemingly isolated filesystem operations can create cascading memory management issues that affect overall system stability and resource utilization.

Mitigation strategies for CVE-2021-47119 should focus on both immediate system-level fixes and long-term architectural improvements to prevent similar memory management issues. The primary fix involves ensuring that all buffer head references are properly released before calling kill_bdev() within the ext4 filesystem code, which requires careful review of the buffer management code paths and implementation of proper reference counting and cleanup procedures. System administrators should monitor memory usage patterns and implement periodic system restarts or memory cleanup procedures to prevent accumulation of leaked memory structures. The vulnerability highlights the importance of proper resource management in kernel-level code and the need for comprehensive testing of resource cleanup operations during filesystem operations. Additionally, organizations should consider implementing memory monitoring solutions that can detect and alert on unusual memory consumption patterns that might indicate similar memory leak vulnerabilities. The fix should be applied through kernel updates that address the specific buffer head management issue within the ext4 filesystem implementation, ensuring that all buffer head references are properly dereferenced before device destruction operations occur, thereby preventing the accumulation of leaked memory structures that can degrade system performance over time.

Reservation

03/04/2024

Disclosure

03/15/2024

Moderation

accepted

CPE

ready

EPSS

0.00252

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!