CVE-2021-47321: watchdog: Fix possible use-after-free by calling del_timer_sync()
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix possible use-after-free by calling del_timer_sync()
The Linux kernel CVE team has assigned CVE-2021-47321 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052132-CVE-2021-47321-1b9b@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix possible use-after-free by calling del_timer_sync()
This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free.
Fix by calling del_timer_sync(), which makes sure the timer handler has finished and is unable to re-schedule itself.
— NVD
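The race in the description is easiest to see with the handler's lifetime made explicit. The following is an added illustration, not the affected driver's code or the kernel's timer implementation: a single-threaded userspace model in which the timer core, del_timer(), del_timer_sync() and the hypothetical wdt_keepalive/wdt_remove driver functions are all constructed here. The handler is "preempted" right after entry so that the remove path can run while it is in flight; del_timer() returns at once and the device is freed under the still-running handler, while del_timer_sync() drains the handler (and the timer it re-arms) before the free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* container_of as used by kernel timer callbacks to recover the owner. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct timer_list {
    void (*function)(struct timer_list *t);
    bool pending;  /* armed: queued for a future expiry */
    bool running;  /* handler entered on "another CPU", not yet returned */
};

struct wdt_device {                 /* hypothetical watchdog driver state */
    struct timer_list timer;
    bool freed;                     /* stands in for kfree(): object is dead */
    int touches_after_free;         /* handler accesses to the dead object */
};

/* --- constructed model of the timer core --------------------------------- */

/* Expiry: the core dequeues the timer and enters the handler.  The model
 * stops here, as if the handler were preempted right after entry. */
static void timer_expire(struct timer_list *t)
{
    t->pending = false;
    t->running = true;
}

/* The rest of the handler: run the body and return. */
static void timer_handler_finish(struct timer_list *t)
{
    if (!t->running)
        return;
    t->function(t);
    t->running = false;
}

static void mod_timer(struct timer_list *t)
{
    t->pending = true;              /* (re-)arm for the next period */
}

/* del_timer(): dequeues a pending timer and returns immediately, even if
 * the handler is in the middle of executing. */
static bool del_timer(struct timer_list *t)
{
    bool was_pending = t->pending;
    t->pending = false;
    return was_pending;
}

/* del_timer_sync(): like del_timer(), but waits until the handler has
 * returned, retrying if the handler re-armed the timer meanwhile. */
static bool del_timer_sync(struct timer_list *t)
{
    bool was_pending = false;
    do {
        was_pending |= del_timer(t);
        timer_handler_finish(t);    /* "wait": let the handler run to completion */
    } while (t->running || t->pending);
    return was_pending;
}

/* --- hypothetical driver -------------------------------------------------- */

/* Keepalive handler: touches the device, then re-arms itself. */
static void wdt_keepalive(struct timer_list *t)
{
    struct wdt_device *dev = container_of(t, struct wdt_device, timer);
    if (dev->freed)
        dev->touches_after_free++;  /* real driver: read/write of freed memory */
    mod_timer(&dev->timer);
}

/* Remove path: vulnerable form uses del_timer(), fixed form del_timer_sync(). */
static void wdt_remove(struct wdt_device *dev, bool use_sync)
{
    if (use_sync)
        del_timer_sync(&dev->timer);
    else
        del_timer(&dev->timer);
    dev->freed = true;              /* kfree(dev) */
}

/* Returns the number of handler accesses to the freed device. */
int scenario_uaf(bool use_sync)
{
    struct wdt_device dev = { .timer = { .function = wdt_keepalive } };

    mod_timer(&dev.timer);          /* probe armed the keepalive */
    timer_expire(&dev.timer);       /* expiry: handler entered, then preempted */
    wdt_remove(&dev, use_sync);     /* module unload races with the handler */

    timer_handler_finish(&dev.timer);   /* scheduler resumes the handler */
    if (dev.timer.pending) {            /* it may have re-armed a dead timer */
        timer_expire(&dev.timer);
        timer_handler_finish(&dev.timer);
    }
    return dev.touches_after_free;
}

int main(void)
{
    printf("del_timer():      accesses after free = %d\n", scenario_uaf(false));
    printf("del_timer_sync(): accesses after free = %d\n", scenario_uaf(true));
    return 0;
}
```

With del_timer() the model counts two accesses to the freed device: one from the handler that was already running when remove returned, and one from the timer that handler re-armed. With del_timer_sync() the count is zero, because the remove path does not free the device until the handler has returned and the timer is no longer pending. Instrumentation such as KASAN is what turns the real-kernel equivalent of touches_after_free into a report.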
Frequently Asked Questions
What is the severity of CVE-2021-47321?
CVE-2021-47321 has been classified with high severity due to the potential for use-after-free vulnerabilities in the Linux kernel.
How do I fix CVE-2021-47321?
To fix CVE-2021-47321, upgrade your Linux kernel to versions 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.134, 5.10.52, 5.12.19, 5.13.4, or 5.14 or later.
What impact does CVE-2021-47321 have on system security?
The impact of CVE-2021-47321 could allow an attacker to exploit memory management flaws, potentially leading to system crashes or arbitrary code execution.
Which versions of the Linux kernel are affected by CVE-2021-47321?
CVE-2021-47321 affects multiple Linux kernel versions prior to 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.134, 5.10.52, 5.12.19, 5.13.4, and 5.14.
Is there a specific patch for CVE-2021-47321?
There is no specific patch; the recommended action is to upgrade to a fixed version of the kernel as listed in the mitigations.