CVE-2021-47123
io_uring: fix ltout double free on completion race
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix ltout double free on completion race
Always remove linked timeout on io_link_timeout_fn() from the master
request link list, otherwise we may get use-after-free when first
io_link_timeout_fn() puts linked timeout in the fail path, and then
will be found and put on master's free.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: corrige la doble liberación de ltout al finalizar la ejecución. Elimina siempre el tiempo de espera vinculado en io_link_timeout_fn() de la lista de vínculos de solicitud maestra; de lo contrario, es posible que obtengamos use-after-free la primera vez que io_link_timeout_fn() coloca el tiempo de espera vinculado en la ruta de falla, y luego será encontrado y puesto en master gratis.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-04 CVE Reserved
- 2024-03-15 CVE Published
- 2024-03-16 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/90cd7e424969d29aff653333b4dcb4e2e199d791 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/1f64f5e903b9d1d157875721e02adadc9d6f0a5d | 2021-06-10 | |
https://git.kernel.org/stable/c/447c19f3b5074409c794b350b10306e1da1ef4ba | 2021-05-14 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.12.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.12.10" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.13" | en |
Affected
|