CVE-2021-47499

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a possible memory leak in the Linux kernel, specifically in the kxcjk-1013 driver. When the ACPI type is ACPI SMO8500, the data->dready trig will not be set, and the memory allocated by iio triggered buffer setup() will not be freed, causing a memory leak. The memory leak can be identified by an unreferenced object, and a backtrace is provided to show the call stack leading to the leak. The issue can be fixed by removing the data->dready trig condition in the probe and remove functions.

Recommendations: To resolve the issue, remove the data->dready trig condition in the probe and remove functions. As a temporary workaround, consider disabling the kxcjk1013 probe() function until a patch is available. Restrict access to the vulnerable module kxcjk 1013 to minimize the risk of exploitation. Avoid using the iio triggered buffer setup() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.