CVE-2021-47158 in Linuxinfo

Summary

by MITRE • 03/25/2024

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: sja1105: add error handling in sja1105_setup()

If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can't just return in the middle of sja1105_setup() or memory will leak. Add a cleanup path.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 08/04/2025

The vulnerability CVE-2021-47158 represents a critical memory management flaw within the Linux kernel's Distributed Switch Architecture (DSA) subsystem, specifically affecting the sja1105 switch driver. This issue resides in the sja1105_setup() function which is responsible for initializing the SJA1105 switch chip used in various networking applications. The flaw manifests when the driver attempts to load static configuration, set up clocking parameters, or establish devlink infrastructure, but fails to properly handle error conditions during these operations. When any of these three critical setup functions return an error, the driver continues execution instead of immediately terminating, leading to incomplete resource allocation and subsequent memory leaks that persist until the system is rebooted.

The technical implementation of this vulnerability stems from inadequate error handling within the driver's initialization sequence, creating a path where memory allocations occur without corresponding deallocations when errors are encountered. According to CWE-459, this represents a partial cleanup issue where resources are not properly released, and the flaw aligns with ATT&CK technique T1490 for resource exhaustion through memory leaks. The sja1105_setup() function performs three sequential operations that must all succeed for proper initialization, but the absence of proper error propagation means that if any single operation fails, the driver's cleanup mechanism never executes, resulting in memory leakage that accumulates over time.

The operational impact of this vulnerability extends beyond simple memory consumption, potentially affecting system stability and performance in networked environments where multiple switch operations occur. Network administrators may observe gradual performance degradation, increased memory pressure, and potential system instability as memory leaks compound over time. The vulnerability particularly affects systems utilizing SJA1105 switches in data center environments, industrial networking equipment, and embedded systems where memory resources are constrained. In high-traffic scenarios, the cumulative effect of these memory leaks could lead to system crashes or denial of service conditions, making this a significant concern for enterprise networking infrastructure.

Mitigation strategies for CVE-2021-47158 require immediate kernel updates to versions containing the patched sja1105_setup() function with proper error handling and cleanup paths. System administrators should prioritize patching all affected Linux kernel versions, particularly those running network infrastructure equipment with SJA1105 switches. Additionally, monitoring systems should be implemented to track memory usage patterns and identify potential memory leak symptoms before they escalate into system failures. The fix implemented in the patched kernel versions ensures that when any of the three critical setup functions fail, the driver immediately executes proper cleanup routines to release allocated memory and resources, preventing the accumulation of leaked memory that could otherwise compromise system stability and performance over time.

Reservation

03/25/2024

Disclosure

03/25/2024

Moderation

accepted

CPE

ready

EPSS

0.00222

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!