CVE-2021-47237: Vulnerability in the Linux kernel

Medium
Published: Tue May 21 2024 (05/21/2024, 14:19:38 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hamradio: fix memory leak in mkiss_close

My local syzbot instance hit memory leak in mkiss_open()[1]. The problem was in missing free_netdev() in mkiss_close().

In mkiss_open() netdevice is allocated and then registered, but in mkiss_close() netdevice was only unregistered, but not freed.

Fail log:

BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00  ax0.............
    00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00  .'.*............
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff  ...(.......(....
    98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00  .....@..........
  backtrace:
    [<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
    [<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
    [<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
    [<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff  ...(............
    80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706eec7>] alloc_netdev_mqs+0x777/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
  comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706f062>] alloc_netdev_mqs+0x912/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
    [<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
    [<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
    [<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
    [<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
    [<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
    [<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

AI-Powered Analysis

Last updated: 06/26/2025, 14:38:10 UTC

Technical Analysis

CVE-2021-47237 is a memory leak in the Linux kernel's hamradio subsystem, in the mkiss network device driver. The cause is incomplete cleanup in mkiss_close(): mkiss_open() allocates a netdevice and registers it, but mkiss_close() only unregistered the device and never called free_netdev(), so the allocation was never released. The bug was found through syzbot fuzzing, which reported unreferenced kernel objects. The stack traces in the report show the leaked objects, 96 to 4096 bytes in size, all allocated under alloc_netdev_mqs() called from mkiss_open(). The leak accumulates each time an mkiss device is opened and closed, potentially exhausting kernel memory. The vulnerability affects specific Linux kernel versions identified by commit hashes, and no CVSS score has been assigned yet. There are no known exploits in the wild at this time, and the issue is primarily a resource management bug rather than a direct code execution or privilege escalation flaw. However, persistent memory leaks in kernel space can degrade system stability and availability, especially on systems that make heavy use of the hamradio mkiss driver.

Potential Impact

For European organizations, the impact of CVE-2021-47237 depends largely on the deployment of Linux systems using the hamradio mkiss driver. While this driver is niche and primarily used in amateur radio and specialized communication setups, organizations involved in telecommunications, research institutions, or hobbyist communities may be affected. The memory leak can lead to gradual kernel memory exhaustion, causing system instability, degraded performance, or crashes. In critical infrastructure or industrial environments where Linux systems run continuously, such leaks could lead to denial of service conditions if not addressed. Although no direct data confidentiality or integrity compromise is evident, availability is impacted. European organizations relying on Linux servers or embedded devices with this driver should be aware of potential operational disruptions. The absence of known exploits reduces immediate risk, but the vulnerability should be remediated to prevent long-term stability issues.

Mitigation Recommendations

To mitigate CVE-2021-47237, European organizations should:

1) Apply the latest Linux kernel updates that include the fix for this memory leak, ensuring mkiss_close() properly frees allocated netdevice structures.
2) Audit systems to identify usage of the hamradio mkiss driver and assess exposure.
3) For systems where kernel updates are delayed, consider disabling the hamradio mkiss driver if it is not required, to eliminate the attack surface.
4) Implement monitoring of kernel memory usage and system logs to detect abnormal memory consumption patterns indicative of leaks.
5) In environments with custom kernel builds, backport the patch or manually apply the fix to the mkiss_close() function.
6) Educate system administrators about the importance of timely kernel patching and the potential impact of memory leaks on system availability.

These steps go beyond generic advice by focusing on driver-specific controls and operational monitoring tailored to this vulnerability.
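
For the monitoring step above, a kmemleak report like the one in the description can be reduced to a per-driver summary of leaked objects and bytes. The Python below is an added example, not part of the advisory or the kernel; `parse_kmemleak` and `leaks_via` are names chosen here, and the sample embeds the first two objects from the report above plus one constructed record.

```python
import re
from collections import Counter

# First two objects from the report in the description, with hex dumps and
# outer frames trimmed. The last record is constructed (hypothetical symbols).
SAMPLE = """\
unreferenced object 0xffff8880281ba000 (size 4096):
  backtrace:
    [<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
    [<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0
unreferenced object 0xffff8880141a9a00 (size 96):
  backtrace:
    [<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
    [<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
    [<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
    [<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
    [<ffffffff84e64192>] mkiss_open+0xb2/0x6f0
unreferenced object 0xffff888000000040 (size 64):
  backtrace:
    [<ffffffff00000010>] example_alloc+0x10/0x20
    [<ffffffff00000030>] other_driver_probe+0x30/0x40
"""

OBJ = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
FRAME = re.compile(r"^\s*(?:\[<[0-9a-f]+>\]\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Return one dict per leaked object: address, size, backtrace symbols."""
    records = []
    for line in text.splitlines():
        m = OBJ.search(line)
        if m:
            records.append({"addr": m.group(1), "size": int(m.group(2)), "frames": []})
        elif records and (f := FRAME.match(line)):
            records[-1]["frames"].append(f.group(1))
    return records

def leaks_via(records, symbol):
    """Summarise objects whose allocation backtrace passes through `symbol`."""
    hits = [r for r in records if symbol in r["frames"]]
    return {"objects": len(hits),
            "bytes": sum(r["size"] for r in hits),
            "allocators": Counter(r["frames"][0] for r in hits)}

if __name__ == "__main__":
    print(leaks_via(parse_kmemleak(SAMPLE), "mkiss_open"))
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, the same text can be read from /sys/kernel/debug/kmemleak and passed to `parse_kmemleak`.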

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-04-10T18:59:19.531Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea169

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 2:38:10 PM

Last updated: 8/6/2025, 6:36:48 PM
