CVE-2021-47356

mISDN: fix possible use-after-free in HFC_cleanup()

Severity Score

7.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

mISDN: fix possible use-after-free in HFC_cleanup()

This module's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler
has finished, and unable to re-schedule itself.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: corrige posible use after free en HFC_cleanup(). La ruta de eliminación de este módulo llama a del_timer(). Sin embargo, esa función no espera hasta que finalice el controlador del temporizador. Esto significa que es posible que el controlador del temporizador aún esté ejecutándose después de que haya finalizado la función de eliminación del controlador, lo que daría como resultado un use after free. Para solucionarlo, llame a del_timer_sync(), lo que garantiza que el controlador del temporizador haya finalizado y no pueda reprogramarse.

A vulnerability was found in the Linux kernel's mISDN driver. This issue arises during the cleanup process, where a timer handler might still be running after the driver has been removed, which can lead to a use-after-free issue, potentially causing a system crash.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (11)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe	2021-07-20
https://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7	2021-07-20
https://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5	2021-07-20
https://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124	2021-07-20
https://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0	2021-07-19
https://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d	2021-07-19
https://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020	2021-07-19
https://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda	2021-07-19
https://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733	2021-05-11

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47356	2024-08-21
https://bugzilla.redhat.com/show_bug.cgi?id=2282394	2024-08-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.276 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.276 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.240 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.240"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.198 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.133 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.133"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.51 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.12.18 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.13.3 Search vendor "Linux" for product "Linux Kernel" and version " < 5.13.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.14 Search vendor "Linux" for product "Linux Kernel" and version " < 5.14"		en		Affected