
Cloud Vulnerability DB
A community-led vulnerabilities database
A memory leak vulnerability was discovered in the Linux kernel before version 5.15.11. The vulnerability exists in the __rds_conn_create() function within the net/rds/connection.c file, specifically in the Reliable Datagram Sockets (RDS) protocol implementation (NVD, Ubuntu Security).
The vulnerability occurs when the __rds_conn_create() function fails to properly deallocate memory in certain error conditions. The issue specifically arises when loop_trans != 0 and trans->t_prefer_loopback != 0 and is_outgoing == 0, where conn->c_path is not properly freed (Linux Commit). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
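The leak condition described above, as a simplified userspace model added here for illustration; it is not the kernel's code. The model_* names, the patched flag and the allocation counter are assumptions made for the example; only the three branch conditions and the unfreed c_path come from the description.

```c
/* Userspace model of the error path described above; NOT kernel source. */
#include <stdio.h>
#include <stdlib.h>

static long live_allocs;   /* outstanding allocations, used as a leak counter */

static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

struct model_conn { void *c_path; };   /* stands in for conn and conn->c_path */

/* Returns 0 on success (caller owns *out), -1 on the rejected loopback branch. */
static int model_conn_create(int loop_trans, int t_prefer_loopback,
                             int is_outgoing, int patched, struct model_conn **out)
{
    struct model_conn *conn = model_alloc(sizeof(*conn));
    if (!conn) return -2;
    conn->c_path = model_alloc(64);
    if (!conn->c_path) { model_free(conn); return -2; }

    if (loop_trans && t_prefer_loopback && !is_outgoing) {
        if (patched)
            model_free(conn->c_path);   /* cleanup that the flawed path omits */
        model_free(conn);               /* unpatched: c_path is now unreachable */
        return -1;
    }
    *out = conn;
    return 0;
}

static void model_conn_destroy(struct model_conn *conn)
{
    model_free(conn->c_path);
    model_free(conn);
}

/* Run the create path n times and report how many allocations remain live. */
static long leaked_after(int n, int is_outgoing, int patched)
{
    struct model_conn *c = NULL;
    live_allocs = 0;
    for (int i = 0; i < n; i++)
        if (model_conn_create(1, 1, is_outgoing, patched, &c) == 0)
            model_conn_destroy(c);
    return live_allocs;
}

int main(void)
{
    printf("unpatched: %ld leaked\n", leaked_after(1000, 0, 0));
    printf("patched:   %ld leaked\n", leaked_after(1000, 0, 1));
    return 0;
}
```

Each pass through the flawed branch strands one buffer, which is why the impact is gradual memory exhaustion rather than an immediate fault.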
A local attacker could potentially exploit this vulnerability to cause a denial of service through memory exhaustion. The memory leak in the RDS protocol subsystem could lead to system resource depletion over time (Debian Security).
The vulnerability has been fixed in Linux kernel version 5.15.11 and backported to various distribution kernels. Ubuntu has released fixes in versions 5.13.0-37.42 for impish, 5.4.0-105.119 for focal, and other releases (Ubuntu Security). Debian has addressed this in version 5.10.92-1 for bullseye and 4.19.232-1 for buster (Debian Security).
Source: This report was generated using AI