CVE-2021-46935: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-46935 affects the Linux kernel's binder driver, specifically related to async_free_space accounting for empty parcels. The vulnerability was introduced in Linux kernel 4.13 when a fix for a kernel structure visibility issue was implemented. The affected versions include Linux kernel from 4.14.0 to 4.14.261, 4.15.0 to 4.19.224, 4.20.0 to 5.4.170, 5.5.0 to 5.10.90, and 5.11.0 to 5.15.13 (NVD).

The vulnerability stems from an accounting issue in the binder driver where sizeof(void *) was used as the buffer size for 0-length data payloads to detect abusive clients sending 0-length asynchronous transactions. However, on the free side, the accounting of async_free_space did not add the sizeof(void *) back, resulting in up to 8-bytes of async_free_space being leaked on every async transaction of 8-bytes or less. The vulnerability has a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) (NVD).

The vulnerability results in a memory leak of up to 8-bytes of async_free_space on every async transaction of 8-bytes or less. While these small transactions are uncommon, the cumulative effect of the leak went undetected for several years (Kernel Patch).

The fix involves using 'buffer_size' (the allocated buffer size) instead of 'size' (the logical buffer size) when updating the async_free_space during the free operation. This patch has been applied to multiple kernel versions through various stable releases (Kernel Patch).