CVE-2021-47488

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a memory leak caused by the missing cgroup bpf offline function in the Linux kernel. This leak occurs when the CONFIG CGROUP BPF option is enabled. The leak can be observed by running specific commands, such as $mount -t cgroup -o none,name=foo cgroup cgroup/ followed by $umount cgroup/, which results in an unreferenced object. The problem arises because the root cgrp->bpf.refcnt.data is allocated by percpu ref init in cgroup bpf inherit when mounting but is not freed when umounting. The addition of cgroup bpf offline, which calls percpu ref kill to cgroup kill sb, can free root cgrp->bpf.refcnt.data in the umount path, resolving the issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.