CVE-2021-47321

watchdog: Fix possible use-after-free by calling del_timer_sync()

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

watchdog: Fix possible use-after-free by calling del_timer_sync()

This driver's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler
has finished, and unable to re-schedule itself.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: perro guardián: solucione el posible use after free llamando a del_timer_sync(). La ruta de eliminación de este controlador llama a del_timer(). Sin embargo, esa función no espera hasta que finalice el controlador del temporizador. Esto significa que es posible que el controlador del temporizador aún esté ejecutándose después de que haya finalizado la función de eliminación del controlador, lo que daría como resultado un use after free. Para solucionarlo, llame a del_timer_sync(), lo que garantiza que el controlador del temporizador haya finalizado y no pueda reprogramarse.

A vulnerability was found in the del_timer() function in the Linux kernel's watchdog driver. This issue occurs because the function does not wait for the timer handler to finish, which may lead to a situation where the handler runs after the driver that has been removed, causing a use-after-free issue.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (11)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d	2021-07-20
https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f	2021-07-20
https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270	2021-07-20
https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a	2021-07-20
https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111	2021-07-20
https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4	2021-07-20
https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e	2021-07-20
https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c37044a3	2021-07-20
https://git.kernel.org/stable/c/d0212f095ab56672f6f36aabc605bda205e1e0bf	2021-06-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47321	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2282440	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.276 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.276 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.240 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.240"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.198 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.134 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.52 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.52"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.12.19 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.13.4 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.14 Search vendor "Linux" for product "Linux Kernel" and version " < 5.14"		en		Affected