CVE-2021-46923: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-46923 affects the Linux kernel's mount_setattr functionality. The vulnerability was discovered in the fs/mount_setattr implementation where there was a potential memory leak when handling mount attributes. The issue affects Linux kernel versions from 5.12.0 up to (excluding) 5.15.13 (NVD).

The vulnerability exists in the mount_setattr system call implementation where finish_mount_kattr() was not being called in all error paths. Specifically, when path lookup failed, the code would return early without cleaning up the mount_kattr structure, potentially leaking references that were taken during mount_kattr building process, particularly when an idmapped mount was requested (Kernel Patch). The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability could lead to memory leaks in the kernel when processing mount operations, particularly when handling idmapped mounts. This could potentially result in resource exhaustion over time if exploited repeatedly (NVD).

The vulnerability was fixed by ensuring that finish_mount_kattr() is called after mount_kattr is successfully built in both success and failure cases. The fix was implemented in kernel patch 012e332286e2 and backported to affected stable kernel versions. Users should upgrade to Linux kernel version 5.15.13 or later to address this vulnerability (Kernel Patch).