CVE-2021-47180 in Linux
Summary
by MITRE • 03/25/2024
In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: fix memory leak in nci_allocate_device
nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device.
BUG: memory leak
unreferenced object 0xffff888111ea6800 (size 1024):
  comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff  .........`......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [] kmalloc include/linux/slab.h:552 [inline]
    [] kzalloc include/linux/slab.h:682 [inline]
    [] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
    [] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
    [] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
    [] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
    [] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
    [] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [] really_probe+0x159/0x4a0 drivers/base/dd.c:554
    [] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
    [] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
    [] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [] __device_attach+0x122/0x250 drivers/base/dd.c:914
    [] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [] device_add+0x5be/0xc30 drivers/base/core.c:3109
    [] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [] really_probe+0x159/0x4a0 drivers/base/dd.c:554
Analysis
by VulDB Data Team • 08/04/2025
The vulnerability described in CVE-2021-47180 is a memory leak in the Linux kernel's NFC subsystem, specifically in the NCI (NFC Controller Interface) layer. It manifests through the nfcmrvl driver, which handles NFC communication over USB. The flaw occurs during device allocation and disconnection: memory allocated for the HCI (Host Controller Interface) device structure is never released. The kernel's kmemleak report above shows a 1024-byte object left unreferenced, a classic memory management error whose effect accumulates over time and can lead to resource exhaustion or system instability. The vulnerability is categorized under CWE-401: Improper Release of Memory Before Removing Last Reference, which covers exactly this kind of memory management flaw in kernel-space code.
The technical root cause lies in the nci_free_device function, which is responsible for cleaning up NCI device structures but fails to release the hci_dev field embedded in the nci_dev structure. When nfcmrvl_disconnect runs, it tears down the device correctly but omits the step of freeing the hci_dev allocation, so the 1024-byte buffer remains in kernel memory after the device has gone. The backtrace shows the allocation path from nci_hci_allocate through nci_allocate_device, demonstrating that the memory is allocated correctly but never freed during cleanup. Kernel memory management requires that every kmalloc or kzalloc has a matching kfree on every exit path; here that matching kfree is missing from the disconnect path, and the fix places it in nci_free_device, the shared teardown routine, so that hci_dev is released together with the nci_dev that owns it.
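The ownership error described above, modelled in user-space C as an added example (this is not kernel code; struct and function names are simplified stand-ins for nci_dev, nci_hci_dev, nci_allocate_device and nci_free_device, and a counting allocator replaces kmalloc/kfree so that the leak is observable without kmemleak):

```c
/*
 * Added example (not kernel code): a user-space model of the CVE-2021-47180
 * leak.  kzalloc/kfree are replaced by a counting allocator so the test can
 * see whether every object allocated on the "allocate device" path is freed
 * on the "free device" path.  Names mirror the kernel's but bodies are
 * simplified stand-ins.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of outstanding allocations; stands in for kmemleak's bookkeeping. */
static int live_objects;

static void *kzalloc_counted(size_t size) {
    void *p = calloc(1, size);
    if (p) live_objects++;
    return p;
}

static void kfree_counted(void *p) {
    if (p) { live_objects--; free(p); }
}

/* Stand-in for struct nci_hci_dev, the 1024-byte object in the report. */
struct nci_hci_dev { unsigned char gates[32]; };

/* Stand-in for struct nci_dev; hci_dev is a sub-allocation owned by it. */
struct nci_dev {
    char name[16];
    struct nci_hci_dev *hci_dev;
};

/* Model of nci_hci_allocate(): allocates the object that leaked. */
static struct nci_hci_dev *nci_hci_allocate_model(void) {
    return kzalloc_counted(sizeof(struct nci_hci_dev));
}

/* Model of nci_allocate_device(): outer object plus the owned hci_dev. */
static struct nci_dev *nci_allocate_device_model(void) {
    struct nci_dev *ndev = kzalloc_counted(sizeof(*ndev));
    if (!ndev) return NULL;
    ndev->hci_dev = nci_hci_allocate_model();
    if (!ndev->hci_dev) { kfree_counted(ndev); return NULL; }
    strcpy(ndev->name, "nci0");
    return ndev;
}

/* Before the fix: only the outer structure is released; hci_dev is orphaned
 * once its last reference (ndev->hci_dev) disappears with ndev. */
static void nci_free_device_leaky(struct nci_dev *ndev) {
    kfree_counted(ndev);
}

/* After the fix: the owned sub-allocation is released before the structure
 * holding the last reference to it is freed. */
static void nci_free_device_fixed(struct nci_dev *ndev) {
    kfree_counted(ndev->hci_dev);
    kfree_counted(ndev);
}

/* Run `rounds` probe/disconnect cycles with the given free routine and
 * return how many objects are still outstanding afterwards. */
static int simulate_hotplug(int rounds, void (*free_fn)(struct nci_dev *)) {
    live_objects = 0;
    for (int i = 0; i < rounds; i++) {
        struct nci_dev *ndev = nci_allocate_device_model();
        if (!ndev) return -1;
        free_fn(ndev);
    }
    return live_objects;
}

int main(void) {
    printf("leaky free, 100 hotplug cycles: %d objects outstanding\n",
           simulate_hotplug(100, nci_free_device_leaky));
    printf("fixed free, 100 hotplug cycles: %d objects outstanding\n",
           simulate_hotplug(100, nci_free_device_fixed));
    return 0;
}
```

The leaky variant leaves exactly one object per cycle behind, which is the "compounds with each operation" behaviour the analysis describes; the fixed variant returns to zero outstanding objects regardless of how many cycles run.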
The operational impact of this memory leak can be significant on systems that frequently connect and disconnect NFC devices, particularly embedded and mobile devices where memory is constrained. A single instance of the leak is benign, but repeated connections and disconnections accumulate leaked memory until memory pressure degrades system performance or causes kernel allocation failures. Because the leak sits in the nci_dev structure that underpins NFC communication, the NFC subsystem itself may become unresponsive or fail to manage multiple device connections correctly. The issue is most concerning where NFC devices are hot-plugged often, such as in mobile or IoT applications, since the leak compounds with each operation.
Mitigation for this vulnerability centres on correct memory management in the kernel code. The fix modifies nci_free_device to explicitly free the hci_dev field before the enclosing structure is released. This aligns with the ATT&CK framework's defense evasion techniques where proper resource management is critical for maintaining system stability. System administrators should ensure that affected kernel versions are patched promptly, particularly in production environments where NFC functionality is in active use. In addition, memory usage in the NFC subsystem should be monitored so that leaks are detected before they cause degradation. The fix should be integrated through the standard kernel release cycle and verified by testing that confirms NFC functionality remains intact while the leak is eliminated. Organizations should also consider automated patch management to address such vulnerabilities promptly, as memory management errors of this kind can have cascading effects on system stability and performance.
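To make the monitoring recommendation concrete, the following added example (not kernel or VulDB code) parses kmemleak reports in the format quoted in the summary above: it counts "unreferenced object" records, totals their sizes, and attributes each record to its first backtrace frame not marked [inline], which is the real allocation site a monitoring job would key its alerts on. SAMPLE_REPORT is constructed from the CVE text and repeats the record once, as it would appear after a second probe/disconnect cycle; the second object address is invented for the sample, and the backtrace addresses are shown as "[]" because the source omits them.

```c
/*
 * Added example (not kernel or VulDB code): a minimal kmemleak report parser.
 * It summarises leaked objects by size and by allocation site so that a
 * recurring leak such as CVE-2021-47180 (one new 1024-byte object from
 * nci_hci_allocate per hotplug cycle) stands out in monitoring output.
 */
#include <stdio.h>
#include <string.h>

#define MAX_RECORDS 64
#define MAX_SITE    96

struct leak_record {
    unsigned long size;        /* bytes from "(size N)" */
    char site[MAX_SITE];       /* first backtrace frame not marked [inline] */
};

struct leak_summary {
    int count;                 /* number of unreferenced objects seen */
    unsigned long bytes;       /* total leaked bytes */
    struct leak_record rec[MAX_RECORDS];
};

/* Constructed sample built from the report in the CVE text; the second
 * record's address is made up to model a repeat of the same leak. */
static const char SAMPLE_REPORT[] =
    "unreferenced object 0xffff888111ea6800 (size 1024):\n"
    "  comm \"kworker/1:0\", pid 19, jiffies 4294942308 (age 13.580s)\n"
    "  hex dump (first 32 bytes):\n"
    "    00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff  .........`......\n"
    "  backtrace:\n"
    "    [] kmalloc include/linux/slab.h:552 [inline]\n"
    "    [] kzalloc include/linux/slab.h:682 [inline]\n"
    "    [] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784\n"
    "    [] nci_allocate_device net/nfc/nci/core.c:1170 [inline]\n"
    "    [] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153\n"
    "unreferenced object 0xffff888111ea7000 (size 1024):\n"
    "  comm \"kworker/1:0\", pid 19, jiffies 4294942950 (age 2.110s)\n"
    "  backtrace:\n"
    "    [] kzalloc include/linux/slab.h:682 [inline]\n"
    "    [] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784\n";

static const char *skip_ws(const char *s) {
    while (*s == ' ' || *s == '\t') s++;
    return s;
}

/* Returns 1 if the frame text ends with "[inline]". */
static int is_inline_frame(const char *frame) {
    size_t n = strlen(frame);
    return n >= 8 && strcmp(frame + n - 8, "[inline]") == 0;
}

/* Parse a whole report line by line; returns the number of records found,
 * or -1 if more than MAX_RECORDS are present. */
static int parse_kmemleak(const char *report, struct leak_summary *out) {
    memset(out, 0, sizeof(*out));
    struct leak_record *cur = NULL;
    int in_backtrace = 0;
    const char *p = report;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += nl ? len + 1 : len;

        const char *t = skip_ws(line);
        unsigned long size;
        if (sscanf(t, "unreferenced object %*s (size %lu)", &size) == 1) {
            if (out->count == MAX_RECORDS) return -1;
            cur = &out->rec[out->count++];
            cur->size = size;
            out->bytes += size;
            in_backtrace = 0;
        } else if (cur && strncmp(t, "backtrace:", 10) == 0) {
            in_backtrace = 1;
        } else if (cur && in_backtrace && t[0] == '[' && cur->site[0] == '\0') {
            /* Frame lines look like "[<addr>] func+off/len file:line [inline]";
             * the address part is skipped so "[]" from the page parses too. */
            const char *close = strchr(t, ']');
            if (!close) continue;
            const char *frame = skip_ws(close + 1);
            if (!is_inline_frame(frame))
                strncpy(cur->site, frame, MAX_SITE - 1);
        }
    }
    return out->count;
}

/* Count records whose allocation site starts with the given function name. */
static int records_from_site(const struct leak_summary *s, const char *fn) {
    int n = 0;
    for (int i = 0; i < s->count; i++)
        if (strncmp(s->rec[i].site, fn, strlen(fn)) == 0) n++;
    return n;
}

/* Wrappers over the sample so results can be checked by name. */
static unsigned long sample_leaked_bytes(void) {
    struct leak_summary s;
    parse_kmemleak(SAMPLE_REPORT, &s);
    return s.bytes;
}
static int sample_records_from(const char *fn) {
    struct leak_summary s;
    parse_kmemleak(SAMPLE_REPORT, &s);
    return records_from_site(&s, fn);
}

int main(void) {
    struct leak_summary s;
    int n = parse_kmemleak(SAMPLE_REPORT, &s);
    printf("%d unreferenced objects, %lu bytes total\n", n, s.bytes);
    for (int i = 0; i < n; i++)
        printf("  %lu bytes from %s\n", s.rec[i].size, s.rec[i].site);
    return 0;
}
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, the live report is obtained by writing "scan" to /sys/kernel/debug/kmemleak and then reading that file; feeding its contents to parse_kmemleak and watching records_from_site grow across hotplug cycles is the kind of check that would have caught this leak before it reached production.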