CVE-2021-47009: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-47009 is a memory leak vulnerability discovered in the Linux kernel's trusted keys component. The vulnerability was identified in the trusted_tpm1.c file where two error return paths failed to free an allocated object 'td', resulting in a memory leak (Kernel Patch). The issue affects Linux kernel versions from 5.10.20 up to (excluding) 5.10.38, from 5.11.3 up to (excluding) 5.11.22, and from 5.12 up to (excluding) 5.12.5 (NVD).

The vulnerability exists in the tpm_seal function within security/keys/trusted-keys/trusted_tpm1.c. The issue was identified by clang scan-build which reported a potential memory leak warning at line 496. The vulnerability occurs when error conditions are encountered during the handling of tpm_get_random(), where the allocated 'td' object is not properly freed in two specific error paths (Kernel Patch). The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability primarily affects system availability by causing memory leaks. When triggered, the system gradually loses available memory as the allocated 'td' objects are not properly freed in error conditions (NVD).

The vulnerability has been patched by modifying the error handling paths to properly free the 'td' object using kfree. The fix involves returning via the error return path that securely frees the allocated memory. The patch has been applied to affected kernel versions (Kernel Patch).