CVE-2021-47660: 
Linux Debian vulnerability analysis and mitigation

CVE-2021-47660 is a vulnerability in the Linux kernel's NTFS3 filesystem module, specifically in the error handling path of the 'log_replay()' function. The issue was discovered and fixed in 2021, with the patch being integrated into various Linux distributions. The vulnerability affects systems using the NTFS3 filesystem module (Debian Security, Ubuntu Security).

The vulnerability stems from improper error handling in the 'logreplay()' function within the NTFS3 filesystem module. When an error condition is encountered, the code directly returns instead of properly cleaning up resources, leading to memory leaks of 'log', 'ra', and 'log->onepage_buf' resources. The fix involves modifying the error handling path to properly free these resources by using the 'goto out' statement instead of a direct return (Kernel Git).

The vulnerability results in memory leaks in the Linux kernel when handling NTFS3 filesystem operations, specifically during journal replay operations. This could lead to resource exhaustion over time if the affected code path is repeatedly triggered (Debian Security).

The issue has been fixed in various Linux distributions through kernel updates. For example, Debian has fixed versions in bullseye (5.10.223-1), bookworm (6.1.129-1), and sid/trixie (6.12.17-1). Ubuntu has marked this as a medium priority issue and is working on updates for affected versions (Debian Security, Ubuntu Security).