CVE-2021-47482

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to incorrect error handling in the batman-adv component of the Linux kernel. Specifically, the problem lies in the batadv mesh init() function, which calls batadv mesh free() in case of failure of any batadv * init() calls. This approach can lead to cleaning up uninitialized fields, causing issues. Even initializing bat priv->nc.work does not prevent a General Protection Fault (GPF) in batadv nc purge paths() due to a null hash pointer. The patch resolves this by unwinding batadv * init() calls one by one, improving error handling and performance by avoiding unnecessary calls to batadv * free() functions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.