CVE-2021-47011

Summary

CVE-2021-47011 is a vulnerability in the Linux kernel that affects the slab memory controller. This issue arises from certain objects, such as large allocations from the buddy allocator, which are not charged with the new APIs of obj_cgroup and are consequently treated as kmem pages. These kmem pages retain a reference to the memory cgroup, potentially enabling long-lived objects to pin the original memory cgroup in memory even after it has been removed. This patch aims to resolve the issue by making those kmem pages drop their reference to memory cgroups using the APIs of obj_cgroup. The vulnerability can be exploited to prevent the removal of memory cgroups, leading to potential memory leaks or other system instability. The patch involves refining the rcu_read_lock/unlock mechanism to ensure successful charging of the memcg through the css_get function. This vulnerability is similar to the commit eefbfa7fd678, which also addressed a use-after-free issue in obj_cgroup_charge.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.