CVE-2021-47527

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: core: fix transmit-buffer reset and memleak<br /> <br /> Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use<br /> tty_port_close") converted serial core to use tty_port_close() but<br /> failed to notice that the transmit buffer still needs to be freed on<br /> final close.<br /> <br /> Not freeing the transmit buffer means that the buffer is no longer<br /> cleared on next open so that any ioctl() waiting for the buffer to drain<br /> might wait indefinitely (e.g. on termios changes) or that stale data can<br /> end up being transmitted in case tx is restarted.<br /> <br /> Furthermore, the buffer of any port that has been opened would leak on<br /> driver unbind.<br /> <br /> Note that the port lock is held when clearing the buffer pointer due to<br /> the ldisc race worked around by commit a5ba1d95e46e ("uart: fix race<br /> between uart_put_char() and uart_shutdown()").<br /> <br /> Also note that the tty-port shutdown() callback is not called for<br /> console ports so it is not strictly necessary to free the buffer page<br /> after releasing the lock (cf. d72402145ace ("tty/serial: do not free<br /> trasnmit buffer page under port lock")).