
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-4213 is a vulnerability in JSS (Java Security Services, the Java binding for NSS) in which the library fails to release memory tied to TLS connections. It is a memory leak: memory that is no longer needed is never returned, so the server process's resident memory grows over time (NVD, Debian Tracker).
The leak occurs because JSS does not free all of the resources backing a TLS connection. Several objects involved in a connection hold references to one another, forming a cycle that keeps each JSSEngineReferenceImpl reachable, so its finalizer, which is what releases the native resources, never runs. (A cycle among ordinary Java heap objects is collectable on its own; it only pins objects when some member of the cycle is reachable from a GC root, for example a JNI global reference held by native code or a long-lived registry. Cleanup that depends on a finalizer is therefore fragile: if anything keeps the object reachable, or the JVM simply never gets around to finalization, the native memory is never freed.) During testing with Tomcat 8.5, most engine instances never had their cleanup invoked, leaking the JNI-managed resources sslfd, readbuf and write_buf for every affected connection (GitHub Commit).
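The following is an added illustration of the leak class described above; it is not JSS code and does not reproduce the JSS internals. It models the native handles (sslfd, readbuf, write_buf) with a counter, models whatever long-lived structure rooted the reference cycle with a static list (an assumption, named `alertRegistry` here), and contrasts an engine whose native cleanup lives only in `finalize()` with one that breaks the event's back-reference and frees eagerly through `close()`, with a `Cleaner` as a last resort. The names `LeakyEngine`, `FixedEngine`, `AlertEvent` and `alertRegistry` are hypothetical.

```java
import java.lang.ref.Cleaner;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;

/*
 * Added example (not JSS code). Assumptions: native resources are modelled by
 * a counter; the GC root that kept the cycle alive is modelled by a static
 * list; GC and finalization are forced with System.gc()/runFinalization().
 */
public class EngineLeakDemo {
    /** Stand-in for native resources that only explicit cleanup can free. */
    static final AtomicInteger liveNativeHandles = new AtomicInteger();

    /** Hypothetical long-lived registry: anything reachable from it survives GC. */
    static final List<AlertEvent> alertRegistry = new ArrayList<>();

    /** Alert event with a back-reference to its engine (like SSLAlertEvent.engine). */
    static final class AlertEvent {
        Object engine;
        AlertEvent(Object engine) { this.engine = engine; }
    }

    /** Leaky pattern: native cleanup happens only if the finalizer runs. */
    static final class LeakyEngine {
        LeakyEngine() { liveNativeHandles.incrementAndGet(); }
        // The event is retained by the registry and points back at this engine,
        // so the engine stays reachable and finalize() never runs.
        void handshake() { alertRegistry.add(new AlertEvent(this)); }
        @Override protected void finalize() { liveNativeHandles.decrementAndGet(); }
    }

    /** Fixed pattern: break the back-reference and stop relying on reachability. */
    static final class FixedEngine implements AutoCloseable {
        private static final Cleaner CLEANER = Cleaner.create();
        private final Cleaner.Cleanable cleanable;
        FixedEngine() {
            liveNativeHandles.incrementAndGet();
            // The cleaning action must not capture 'this', or it would pin the engine.
            cleanable = CLEANER.register(this, liveNativeHandles::decrementAndGet);
        }
        void handshake() {
            AlertEvent ev = new AlertEvent(this);
            alertRegistry.add(ev);
            ev.engine = null;   // break the cycle once the event has been delivered
        }
        // Eager release; the Cleaner only acts if the caller forgets to close().
        @Override public void close() { cleanable.clean(); }
    }

    /** Best effort at provoking collection; finalization is never guaranteed. */
    static void forceGc() throws InterruptedException {
        for (int i = 0; i < 5; i++) {
            System.gc();
            System.runFinalization();
            Thread.sleep(50);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        final int connections = 1000;

        for (int i = 0; i < connections; i++) new LeakyEngine().handshake();
        forceGc();
        System.out.println("leaky: native handles still held after GC = " + liveNativeHandles.get());

        liveNativeHandles.set(0);
        alertRegistry.clear();
        for (int i = 0; i < connections; i++) {
            try (FixedEngine e = new FixedEngine()) { e.handshake(); }
        }
        forceGc();
        System.out.println("fixed: native handles still held after GC = " + liveNativeHandles.get());
    }
}
```

Run with `javac EngineLeakDemo.java && java EngineLeakDemo` (Java 9 or later for `Cleaner`). The leaky loop leaves all of its handles allocated no matter how often the collector runs, because the registry keeps every engine reachable; the fixed loop ends with none, because release no longer waits on the garbage collector at all. On a live Tomcat the equivalent check is a class histogram over time, for example `jmap -histo:live <pid> | grep JSSEngineReferenceImpl` taken before and after a burst of TLS connections: an instance count that only ever climbs is the signature of this bug.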
Because every affected TLS connection leaves its native buffers behind, the server's memory consumption climbs with the number of connections it has handled. An attacker who can open repeated TLS connections to the server can therefore push it into memory exhaustion until the Linux Out-Of-Memory (OOM) killer terminates the process, a denial of service (Debian Tracker, Bugzilla).
The issue is fixed in multiple JSS versions. The fix breaks the cycle at SSLAlertEvent.engine, so the JSSEngineReferenceImpl becomes unreachable once the connection is done, can be garbage collected, and has its finalizer run to release the native resources. The change landed as two commits addressing the memory management (GitHub Commit, Additional Fix). Deployments on an affected version should upgrade rather than tune the heap: a larger heap only delays the exhaustion, since the leaked buffers are native allocations outside the Java heap.
Source: This report was generated using AI