CVE-2021-47356: mISDN: fix possible use-after-free in HFC_cleanup()
In the Linux kernel, the following vulnerability has been resolved:
mISDN: fix possible use-after-free in HFC_cleanup()
The Linux kernel CVE team has assigned CVE-2021-47356 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052142-CVE-2021-47356-a3d4@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
mISDN: fix possible use-after-free in HFC_cleanup()
This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free.
Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and is unable to re-schedule itself.
— NVD
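The difference between del_timer() and del_timer_sync() that the description turns on, as an added userspace model in C (not the kernel patch and not driver code): a thread stands in for the timer handler running on another CPU. `model_timer`, `model_del_timer`, `model_del_timer_sync` and `remove_races_with_handler` are hypothetical names, and the model covers only the wait for a running handler, not re-arming.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>

/* Constructed userspace model, not kernel code; a thread plays the handler. */
struct model_timer {
    atomic_int pending;  /* timer is armed for a future expiry */
    atomic_int running;  /* 1 while the handler body is executing */
    atomic_int release;  /* harness knob: lets the handler finish its work */
    int dev_state;       /* stands in for driver data freed on remove */
};

static void *timer_handler(void *arg)
{
    struct model_timer *t = arg;
    while (!atomic_load(&t->release)) sched_yield(); /* work in progress */
    t->dev_state++;                     /* handler touches driver data */
    atomic_store(&t->running, 0);
    return NULL;
}

/* Models del_timer(): disarms the timer and returns without waiting. */
static int model_del_timer(struct model_timer *t) { return atomic_exchange(&t->pending, 0); }

/* Models del_timer_sync(): also waits for a running handler to return. */
static int model_del_timer_sync(struct model_timer *t)
{
    int was_pending = model_del_timer(t);
    while (atomic_load(&t->running)) sched_yield();
    return was_pending;
}

/* Returns 1 if the handler is still executing where remove would free data. */
static int remove_races_with_handler(int use_sync)
{
    struct model_timer t = { .running = 1 };  /* handler already entered */
    pthread_t thr;
    pthread_create(&thr, NULL, timer_handler, &t);
    if (use_sync) {
        atomic_store(&t.release, 1);    /* handler finishes on its own time */
        model_del_timer_sync(&t);
    } else {
        model_del_timer(&t);
    }
    int in_flight = atomic_load(&t.running);  /* kfree() would happen here */
    atomic_store(&t.release, 1);
    pthread_join(thr, NULL);
    return in_flight;
}
```

A return of 1 means the remove path reached its free point while the handler was still about to touch `dev_state`, which is the window the fix closes.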
Frequently Asked Questions
What is the severity of CVE-2021-47356?
CVE-2021-47356 is rated as a medium severity vulnerability due to its potential to cause use-after-free issues.
How do I fix CVE-2021-47356?
To fix CVE-2021-47356, ensure that your Linux kernel version is updated to a patched version that is higher than 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.133, 5.10.51, 5.12.18, 5.13.3, or 5.14.
Which Linux kernel versions are affected by CVE-2021-47356?
CVE-2021-47356 affects Linux kernel versions older than or equal to 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.133, 5.10.51, 5.12.18, 5.13.3, and 5.14.
What is the potential impact of CVE-2021-47356?
The potential impact of CVE-2021-47356 includes exploitation that may lead to a denial of service or arbitrary code execution.
How can I determine if my system is vulnerable to CVE-2021-47356?
You can determine if your system is vulnerable to CVE-2021-47356 by checking your current Linux kernel version against the affected versions listed in the vulnerability details.