CVE-2021-47133 in Linuxinfo

Summary

by MITRE • 03/15/2024

In the Linux kernel, the following vulnerability has been resolved:

HID: amd_sfh: Fix memory leak in amd_sfh_work

Kmemleak tool detected a memory leak in the amd_sfh driver.

==================== unreferenced object 0xffff88810228ada0 (size 32): comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s) hex dump (first 32 bytes): 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s............. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "............... backtrace: [] kmem_cache_alloc_trace+0x163/0x4f0
[] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh]
[] amdtp_hid_request+0x62/0x80 [amd_sfh]
[] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub]
[] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common]
[] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d]
[] platform_probe+0x6a/0xd0
[] really_probe+0x192/0x620
[] driver_probe_device+0x14a/0x1d0
[] __device_attach_driver+0xbd/0x110
[] bus_for_each_drv+0xfd/0x160
[] __device_attach+0x18b/0x220
[] device_initial_probe+0x13/0x20
[] bus_probe_device+0xfe/0x120
[] device_add+0x6a6/0xe00
[] platform_device_add+0x180/0x380
====================

The fix is to freeing request_list entry once the processed entry is removed from the request_list.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 01/07/2025

The vulnerability CVE-2021-47133 represents a memory leak within the AMD System Firmware Hub (amd_sfh) driver in the Linux kernel, specifically affecting the HID (Human Interface Device) subsystem. This issue was identified through kmemleak analysis, a kernel debugging tool designed to detect memory leaks in kernel space. The memory leak occurs in the amd_sfh_work function where allocated memory structures are not properly freed after processing, creating a persistent memory footprint that can accumulate over time and potentially lead to system instability or resource exhaustion. The vulnerability manifests when the amd_sfh driver handles HID requests, particularly during sensor hub feature retrieval operations, where memory allocated for request_list entries remains unreferenced and unreleased.

The technical flaw stems from improper memory management within the amd_sfh driver's request processing loop. When the driver processes HID requests through the amd_sfh_get_report function, it allocates memory for request_list entries but fails to properly clean up these allocations after the entries have been processed and removed from the list. The backtrace shows the memory allocation path starting from kmem_cache_alloc_trace through the HID sensor hub processing chain including amdtp_hid_request, sensor_hub_get_feature, and various HID sensor probe functions before reaching the final platform device addition. This memory leak pattern follows the CWE-401: Improper Release of Memory Before Removing Last Reference classification, where the driver maintains references to memory objects that should have been freed upon completion of their intended use.

The operational impact of this vulnerability extends beyond simple memory consumption as it affects system reliability and resource management in embedded systems and laptops that utilize AMD System Firmware Hub functionality. The leak occurs during normal device probe and initialization sequences when the system loads the amd_sfh kernel module, making it particularly problematic in environments where multiple HID sensors are present or where the system undergoes frequent device enumeration cycles. Over time, this memory leak can contribute to memory fragmentation, reduce available system resources, and potentially cause system performance degradation or unexpected behavior in systems with limited memory resources. The vulnerability is particularly concerning in mobile devices and laptops where memory resources are constrained and efficient memory management is critical for maintaining system responsiveness.

The fix for CVE-2021-47133 implements a straightforward but critical memory management correction by ensuring that request_list entries are properly freed once they have been processed and removed from the list. This remediation aligns with the ATT&CK technique T1070.004: Indicator Removal on Host, specifically addressing the improper handling of system resources rather than malicious activity. The solution directly addresses the root cause by modifying the driver's cleanup logic to properly release memory allocations, preventing the accumulation of unreferenced objects that were previously causing the kmemleak detection. This fix demonstrates the importance of proper resource management in kernel drivers and highlights the value of automated memory leak detection tools like kmemleak in identifying subtle but significant issues in system-level code. The resolution follows established kernel development practices for memory management and ensures that the amd_sfh driver maintains proper resource accounting throughout its operational lifecycle.

Reservation

03/04/2024

Disclosure

03/15/2024

Moderation

accepted

CPE

ready

EPSS

0.00193

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!