CVE-2021-47585 in Linux

Summary

by MITRE • 06/19/2024

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix memory leak in __add_inode_ref()

Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not freed, which will lead to a memory leak. There is a similar snippet of code in this function as allocating a memory chunk for victim_name in line 1104 (#1) as well as releasing the memory in line 1116 (#2).

We should kfree() victim_name when the return value of backref_in_log() is less than zero and before the function returns in line 1184 (#4).

1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans,
1058                                   struct btrfs_root *root,
1059                                   struct btrfs_path *path,
1060                                   struct btrfs_root *log_root,
1061                                   struct btrfs_inode *dir,
1062                                   struct btrfs_inode *inode,
1063                                   u64 inode_objectid, u64 parent_objectid,
1064                                   u64 ref_index, char *name, int namelen,
1065                                   int *search_done)
1066 {

1104                 victim_name = kmalloc(victim_name_len, GFP_NOFS); // #1: kmalloc (victim_name-1)
1105                 if (!victim_name)
1106                         return -ENOMEM;

1112                 ret = backref_in_log(log_root, &search_key,
1113                                      parent_objectid, victim_name,
1114                                      victim_name_len);
1115                 if (ret < 0) {
1116                         kfree(victim_name); // #2: kfree (victim_name-1)
1117                         return ret;
1118                 } else if (!ret) {

1169                         victim_name = kmalloc(victim_name_len, GFP_NOFS); // #3: kmalloc (victim_name-2)
1170                         if (!victim_name)
1171                                 return -ENOMEM;

1180                         ret = backref_in_log(log_root, &search_key,
1181                                              parent_objectid, victim_name,
1182                                              victim_name_len);
1183                         if (ret < 0) {
1184                                 return ret; // #4: missing kfree (victim_name-2)
1185                         } else if (!ret) {

1241         return 0;
1242 }
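The following userspace C program is an added illustration, not the kernel's code and not part of the original advisory. It reproduces the two shapes of the lookup in __add_inode_ref(): the leaky one at #3/#4, where an error from the backref lookup returns without freeing victim_name, and the fixed one at #1/#2, where every exit after the allocation passes through kfree(). The helpers tracked_kmalloc(), tracked_kfree() and fake_backref_in_log() are constructed stand-ins for kmalloc(), kfree() and backref_in_log(); the error is injected by the caller so both paths can be exercised, and leaked_allocations() reports how many allocations a path left behind, the same observation an in-kernel leak detector such as kmemleak makes.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for kmalloc()/kfree() that count live allocations,
 * so a caller can observe whether a code path released what it took. */
static long live_allocs;

static void *tracked_kmalloc(size_t n)
{
        void *p = malloc(n);
        if (p)
                live_allocs++;
        return p;
}

static void tracked_kfree(void *p)
{
        if (p) {
                live_allocs--;
                free(p);
        }
}

/* Constructed stand-in for backref_in_log(): <0 on error, 0 if the backref
 * is absent from the log, 1 if present. The error is injected by the caller. */
static int fake_backref_in_log(int inject_error, const char *victim_name,
                               size_t victim_name_len)
{
        if (inject_error)
                return -EIO;
        return (victim_name_len > 0 && victim_name[0] != '\0') ? 1 : 0;
}

/* Same shape as the vulnerable second lookup (#3/#4): on error the function
 * returns without freeing victim_name. */
int add_inode_ref_leaky(int inject_error, const char *name, size_t len)
{
        char *victim_name = tracked_kmalloc(len);
        int ret;

        if (!victim_name)
                return -ENOMEM;
        memcpy(victim_name, name, len);

        ret = fake_backref_in_log(inject_error, victim_name, len);
        if (ret < 0)
                return ret;     /* BUG: victim_name is never freed on this path */

        /* ... the real function would drop the stale reference here ... */
        tracked_kfree(victim_name);
        return 0;
}

/* Fixed shape, matching the first lookup (#1/#2) and the patch: the error
 * path still reaches kfree(), here via the kernel's single-exit goto idiom. */
int add_inode_ref_fixed(int inject_error, const char *name, size_t len)
{
        char *victim_name = tracked_kmalloc(len);
        int ret;

        if (!victim_name)
                return -ENOMEM;
        memcpy(victim_name, name, len);

        ret = fake_backref_in_log(inject_error, victim_name, len);
        if (ret < 0)
                goto out;       /* error is preserved, cleanup is shared */

        /* ... drop the stale reference ... */
        ret = 0;
out:
        tracked_kfree(victim_name);
        return ret;
}

/* Runs one variant with a constructed name and reports how many allocations
 * it left behind; 0 means the path did not leak. */
long leaked_allocations(int (*fn)(int, const char *, size_t), int inject_error)
{
        long before = live_allocs;

        fn(inject_error, "dir-entry", 9);
        return live_allocs - before;
}

int main(void)
{
        printf("leaky, error path:  %ld leaked\n",
               leaked_allocations(add_inode_ref_leaky, 1));
        printf("leaky, normal path: %ld leaked\n",
               leaked_allocations(add_inode_ref_leaky, 0));
        printf("fixed, error path:  %ld leaked\n",
               leaked_allocations(add_inode_ref_fixed, 1));
        return 0;
}
```

The fixed variant routes every post-allocation exit through a single out: label rather than adding a second kfree() beside the return, so a further early return added to the function later still releases the buffer; that is the consistency the commit message asks for between the two lookups.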


Analysis

by VulDB Data Team • 10/04/2025

The vulnerability identified as CVE-2021-47585 represents a memory leak within the btrfs file system implementation of the Linux kernel, specifically in the __add_inode_ref() function. This flaw occurs due to improper memory management during the execution of reference handling operations within the btrfs subvolume logging mechanism. The issue manifests when the function allocates memory for a victim_name variable using kmalloc() at line 1169, but fails to release this memory allocation before returning from the function when the backref_in_log() call returns a negative value. The vulnerability is particularly concerning because it demonstrates a pattern of inconsistent memory handling within the same function where one memory allocation is properly freed but another is not, creating a persistent memory leak that can accumulate over time.

The technical root cause of this vulnerability can be traced to a code path that mirrors an existing pattern within the same function but fails to maintain consistency in memory management practices. The function __add_inode_ref() is designed to handle inode reference operations within the btrfs file system, particularly when dealing with logging operations for subvolumes. At line 1104, the function correctly allocates memory for victim_name and at line 1116, properly frees it when the backref_in_log() function returns a negative value. However, at line 1169, a second memory allocation occurs for the same variable but at line 1184, the corresponding kfree() call is missing when the function returns with a negative value from backref_in_log(). This inconsistency violates fundamental memory management principles and creates a memory leak that can lead to system instability, particularly under sustained load conditions where multiple such leaks can compound over time.

The operational impact of this memory leak vulnerability extends beyond simple resource consumption to potentially affect system stability and performance. When the btrfs file system experiences high rates of inode reference operations, particularly in logging scenarios, the accumulation of unfreed memory can lead to gradual memory exhaustion. This condition may manifest as system slowdowns, increased swap usage, or in severe cases, system crashes or hangs. The vulnerability is particularly relevant in environments where btrfs is actively used for logging operations or where there are frequent inode reference modifications. According to CWE-401, this represents a classic memory leak vulnerability where allocated memory is not properly deallocated, and the flaw aligns with ATT&CK technique T1490 which covers resource exhaustion attacks that can degrade system performance through memory consumption.

Mitigation strategies for this vulnerability should prioritize immediate kernel updates from vendors that include the fix for CVE-2021-47585. The patch implemented addresses the specific memory leak by ensuring that victim_name is properly freed when backref_in_log() returns a negative value before the function returns. Organizations should also implement monitoring solutions to track memory usage patterns in systems running btrfs file systems, particularly those that perform heavy logging operations. System administrators should conduct regular vulnerability assessments to identify systems running affected kernel versions and ensure timely patch deployment. Additionally, implementing proper memory leak detection tools during system development and testing phases can help identify similar inconsistencies in memory management patterns. The fix demonstrates the importance of maintaining consistent coding practices within functions and adhering to established memory management protocols to prevent such vulnerabilities from persisting in production environments.

Reservation: 05/24/2024

Disclosure: 06/19/2024

Moderation: accepted

CPE: ready

EPSS: 0.00250

KEV: no

Activities: very low
