CVE-2021-47021 - Linux Kernel mt76: mt7915 Memory Leak Fix and Exploit Details

A recently discovered vulnerability (CVE-2021-47021) in the Linux kernel has been resolved in the mt76: mt7915 module. This vulnerability could have allowed a memory leak, potentially leading to system crashes or instability. The fix addresses the issue and ensures that proper memory management takes place when unregistering the device. This post will provide details regarding the exploit, a code snippet demonstrating the fix, and links to the original references for more information.

Exploit Details

In the mt76 subsystem of the Linux kernel, specifically in the mt7915 module, a memory leak could occur due to improper handling of memory allocation when unregistering a device. This memory leak has the potential to severely impact system stability and potentially crash the system, depending on the system's usage pattern and the amount of memory available.

The issue is found in the mt7915_unregister_device() function where mt7915_tx_token_put() should be called before mt76_free_pending_txwi(). This ensures that memory is freed properly and prevents the memory leak from occurring.

The following code snippet illustrates the fix applied for this vulnerability in the Linux kernel

// In mt7915_main.c - originally had a memory leak
void mt7915_unregister_device(struct mt76_dev *mdev)
{
    struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);

    mt7915_unregister_thermal(mdev);
    
    // The fix: call mt7915_tx_token_put() before mt76_free_pending_txwi()
    mt7915_tx_token_put(dev);  // Added to fix memory leak

    mt76_unregister_device(&dev->mt76);
    mt76_free_pending_txwi(dev);
    mt76_free_device(&dev->mt76);
    kfree(dev);
}

This code fix addresses the memory leak by calling mt7915_tx_token_put() before mt76_free_pending_txwi(), ensuring that memory is freed correctly.

For further information on the vulnerability and its resolution, please consult the following links

1. Linux Kernel Repository - Commit
2. National Vulnerability Database (NVD) CVE-2021-47021

Conclusion

The Linux kernel's mt76: mt7915 module memory leak vulnerability (CVE-2021-47021) has been resolved with updates to ensure proper memory management when unregistering a device. By making the necessary changes to the mt7915_unregister_device() function, this patch helps to protect systems running the Linux kernel from potential crashes and instability. It is recommended that system administrators and users keep their systems up to date with the latest kernel patches to safeguard against this and other potential vulnerabilities.

Timeline

Published on: 02/28/2024 09:15:39 UTC
Last modified on: 02/28/2024 14:06:45 UTC