Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0720
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP9 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2023-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2023-43789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0720",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": "2024-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7166204",
"url": "https://www.ibm.com/support/pages/node/7166204"
}
]
}
CVE-2020-26555 (GCVE-0-2020-26555)
Vulnerability from cvelistv5 – Published: 2021-05-24 17:41 – Updated: 2025-11-04 19:12
VLAI
EPSS
Summary
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.bluetooth.com/learn-about-bluetooth/k… | x_refsource_MISC |
| https://kb.cert.org/vuls/id/799380 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.intel.com/content/www/us/en/security-… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:16.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/799380"
},
{
"name": "FEDORA-2021-a35b44fd9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/799380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T17:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/799380"
},
{
"name": "FEDORA-2021-a35b44fd9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
"refsource": "MISC",
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
},
{
"name": "https://kb.cert.org/vuls/id/799380",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/799380"
},
{
"name": "FEDORA-2021-a35b44fd9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26555",
"datePublished": "2021-05-24T17:41:15.000Z",
"dateReserved": "2020-10-04T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:16.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-46909 (GCVE-0-2021-46909)
Vulnerability from cvelistv5 – Published: 2024-02-27 06:53 – Updated: 2026-05-11 13:44
VLAI
EPSS
Title
ARM: footbridge: fix PCI interrupt mapping
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: footbridge: fix PCI interrupt mapping
Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in
pci_device_probe()"), the PCI code will call the IRQ mapping function
whenever a PCI driver is probed. If these are marked as __init, this
causes an oops if a PCI driver is loaded or bound after the kernel has
initialised.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
30fdfb929e82450bbf3d0e0aba56efbc29b52b52 , < 532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf
(git)
Affected: 30fdfb929e82450bbf3d0e0aba56efbc29b52b52 , < 2643da6aa57920d9159a1a579fb04f89a2b0d29a (git) Affected: 30fdfb929e82450bbf3d0e0aba56efbc29b52b52 , < 871b569a3e67f570df9f5ba195444dc7c621293b (git) Affected: 30fdfb929e82450bbf3d0e0aba56efbc29b52b52 , < 1fc087fdb98d556b416c82ed6e3964a30885f47a (git) Affected: 30fdfb929e82450bbf3d0e0aba56efbc29b52b52 , < c3efce8cc9807339633ee30e39882f4c8626ee1d (git) Affected: 30fdfb929e82450bbf3d0e0aba56efbc29b52b52 , < 30e3b4f256b4e366a61658c294f6a21b8626dda7 (git) |
|
| Linux | Linux |
Affected:
4.13
Unaffected: 0 , < 4.13 (semver) Unaffected: 4.14.232 , ≤ 4.14.* (semver) Unaffected: 4.19.189 , ≤ 4.19.* (semver) Unaffected: 5.4.114 , ≤ 5.4.* (semver) Unaffected: 5.10.32 , ≤ 5.10.* (semver) Unaffected: 5.11.16 , ≤ 5.11.* (semver) Unaffected: 5.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T22:33:27.334758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:15.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-footbridge/cats-pci.c",
"arch/arm/mach-footbridge/ebsa285-pci.c",
"arch/arm/mach-footbridge/netwinder-pci.c",
"arch/arm/mach-footbridge/personal-pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf",
"status": "affected",
"version": "30fdfb929e82450bbf3d0e0aba56efbc29b52b52",
"versionType": "git"
},
{
"lessThan": "2643da6aa57920d9159a1a579fb04f89a2b0d29a",
"status": "affected",
"version": "30fdfb929e82450bbf3d0e0aba56efbc29b52b52",
"versionType": "git"
},
{
"lessThan": "871b569a3e67f570df9f5ba195444dc7c621293b",
"status": "affected",
"version": "30fdfb929e82450bbf3d0e0aba56efbc29b52b52",
"versionType": "git"
},
{
"lessThan": "1fc087fdb98d556b416c82ed6e3964a30885f47a",
"status": "affected",
"version": "30fdfb929e82450bbf3d0e0aba56efbc29b52b52",
"versionType": "git"
},
{
"lessThan": "c3efce8cc9807339633ee30e39882f4c8626ee1d",
"status": "affected",
"version": "30fdfb929e82450bbf3d0e0aba56efbc29b52b52",
"versionType": "git"
},
{
"lessThan": "30e3b4f256b4e366a61658c294f6a21b8626dda7",
"status": "affected",
"version": "30fdfb929e82450bbf3d0e0aba56efbc29b52b52",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-footbridge/cats-pci.c",
"arch/arm/mach-footbridge/ebsa285-pci.c",
"arch/arm/mach-footbridge/netwinder-pci.c",
"arch/arm/mach-footbridge/personal-pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.114",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.232",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.189",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.114",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.32",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.16",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: footbridge: fix PCI interrupt mapping\n\nSince commit 30fdfb929e82 (\"PCI: Add a call to pci_assign_irq() in\npci_device_probe()\"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:44:13.718Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf"
},
{
"url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a"
},
{
"url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b"
},
{
"url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a"
},
{
"url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d"
},
{
"url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7"
}
],
"title": "ARM: footbridge: fix PCI interrupt mapping",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46909",
"datePublished": "2024-02-27T06:53:50.181Z",
"dateReserved": "2024-02-25T13:45:52.718Z",
"dateUpdated": "2026-05-11T13:44:13.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-46972 (GCVE-0-2021-46972)
Vulnerability from cvelistv5 – Published: 2024-02-27 18:47 – Updated: 2026-05-11 13:45
VLAI
EPSS
Title
ovl: fix leaked dentry
Summary
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix leaked dentry
Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in
ovl_lookup()"), overlayfs doesn't put temporary dentry when there is a
metacopy error, which leads to dentry leaks when shutting down the related
superblock:
overlayfs: refusing to follow metacopy origin for (/file0)
...
BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay]
...
WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d
CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1
...
RIP: 0010:umount_check.cold+0x107/0x14d
...
Call Trace:
d_walk+0x28c/0x950
? dentry_lru_isolate+0x2b0/0x2b0
? __kasan_slab_free+0x12/0x20
do_one_tree+0x33/0x60
shrink_dcache_for_umount+0x78/0x1d0
generic_shutdown_super+0x70/0x440
kill_anon_super+0x3e/0x70
deactivate_locked_super+0xc4/0x160
deactivate_super+0xfa/0x140
cleanup_mnt+0x22e/0x370
__cleanup_mnt+0x1a/0x30
task_work_run+0x139/0x210
do_exit+0xb0c/0x2820
? __kasan_check_read+0x1d/0x30
? find_held_lock+0x35/0x160
? lock_release+0x1b6/0x660
? mm_update_next_owner+0xa20/0xa20
? reacquire_held_locks+0x3f0/0x3f0
? __sanitizer_cov_trace_const_cmp4+0x22/0x30
do_group_exit+0x135/0x380
__do_sys_exit_group.isra.0+0x20/0x20
__x64_sys_exit_group+0x3c/0x50
do_syscall_64+0x45/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xae
...
VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. Have a nice day...
This fix has been tested with a syzkaller reproducer.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6815f479ca90ee7fd2e28b2a420f796b974155fe , < 71d58457a8afc650da5d3292a7f7029317654d95
(git)
Affected: 6815f479ca90ee7fd2e28b2a420f796b974155fe , < cf3e3330bc5719fa9d658e3e2f596bde89344a94 (git) Affected: 6815f479ca90ee7fd2e28b2a420f796b974155fe , < d587cfaef72b1b6f4b2774827123bce91f497cc8 (git) Affected: 6815f479ca90ee7fd2e28b2a420f796b974155fe , < eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41 (git) |
|
| Linux | Linux |
Affected:
5.8
Unaffected: 0 , < 5.8 (semver) Unaffected: 5.10.35 , ≤ 5.10.* (semver) Unaffected: 5.11.19 , ≤ 5.11.* (semver) Unaffected: 5.12.2 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:00:35.229463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:00:43.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/overlayfs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "71d58457a8afc650da5d3292a7f7029317654d95",
"status": "affected",
"version": "6815f479ca90ee7fd2e28b2a420f796b974155fe",
"versionType": "git"
},
{
"lessThan": "cf3e3330bc5719fa9d658e3e2f596bde89344a94",
"status": "affected",
"version": "6815f479ca90ee7fd2e28b2a420f796b974155fe",
"versionType": "git"
},
{
"lessThan": "d587cfaef72b1b6f4b2774827123bce91f497cc8",
"status": "affected",
"version": "6815f479ca90ee7fd2e28b2a420f796b974155fe",
"versionType": "git"
},
{
"lessThan": "eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41",
"status": "affected",
"version": "6815f479ca90ee7fd2e28b2a420f796b974155fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/overlayfs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.35",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.19",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix leaked dentry\n\nSince commit 6815f479ca90 (\"ovl: use only uppermetacopy state in\novl_lookup()\"), overlayfs doesn\u0027t put temporary dentry when there is a\nmetacopy error, which leads to dentry leaks when shutting down the related\nsuperblock:\n\n overlayfs: refusing to follow metacopy origin for (/file0)\n ...\n BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay]\n ...\n WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d\n CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1\n ...\n RIP: 0010:umount_check.cold+0x107/0x14d\n ...\n Call Trace:\n d_walk+0x28c/0x950\n ? dentry_lru_isolate+0x2b0/0x2b0\n ? __kasan_slab_free+0x12/0x20\n do_one_tree+0x33/0x60\n shrink_dcache_for_umount+0x78/0x1d0\n generic_shutdown_super+0x70/0x440\n kill_anon_super+0x3e/0x70\n deactivate_locked_super+0xc4/0x160\n deactivate_super+0xfa/0x140\n cleanup_mnt+0x22e/0x370\n __cleanup_mnt+0x1a/0x30\n task_work_run+0x139/0x210\n do_exit+0xb0c/0x2820\n ? __kasan_check_read+0x1d/0x30\n ? find_held_lock+0x35/0x160\n ? lock_release+0x1b6/0x660\n ? mm_update_next_owner+0xa20/0xa20\n ? reacquire_held_locks+0x3f0/0x3f0\n ? __sanitizer_cov_trace_const_cmp4+0x22/0x30\n do_group_exit+0x135/0x380\n __do_sys_exit_group.isra.0+0x20/0x20\n __x64_sys_exit_group+0x3c/0x50\n do_syscall_64+0x45/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n ...\n VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. Have a nice day...\n\nThis fix has been tested with a syzkaller reproducer."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:45:29.570Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"
},
{
"url": "https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"
},
{
"url": "https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"
},
{
"url": "https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"
}
],
"title": "ovl: fix leaked dentry",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46972",
"datePublished": "2024-02-27T18:47:07.276Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2026-05-11T13:45:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47069 (GCVE-0-2021-47069)
Vulnerability from cvelistv5 – Published: 2024-03-01 21:15 – Updated: 2026-05-11 13:47
VLAI
EPSS
Title
ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
do_mq_timedreceive calls wq_sleep with a stack local address. The
sender (do_mq_timedsend) uses this address to later call pipelined_send.
This leads to a very hard to trigger race where a do_mq_timedreceive
call might return and leave do_mq_timedsend to rely on an invalid
address, causing the following crash:
RIP: 0010:wake_q_add_safe+0x13/0x60
Call Trace:
__x64_sys_mq_timedsend+0x2a9/0x490
do_syscall_64+0x80/0x680
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f5928e40343
The race occurs as:
1. do_mq_timedreceive calls wq_sleep with the address of `struct
ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it
holds a valid `struct ext_wait_queue *` as long as the stack has not
been overwritten.
2. `ewq_addr` gets added to info->e_wait_q[RECV].list in wq_add, and
do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call
__pipelined_op.
3. Sender calls __pipelined_op::smp_store_release(&this->state,
STATE_READY). Here is where the race window begins. (`this` is
`ewq_addr`.)
4. If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it
will see `state == STATE_READY` and break.
5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed
to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive's
stack. (Although the address may not get overwritten until another
function happens to touch it, which means it can persist around for an
indefinite time.)
6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a
`struct ext_wait_queue *`, and uses it to find a task_struct to pass to
the wake_q_add_safe call. In the lucky case where nothing has
overwritten `ewq_addr` yet, `ewq_addr->task` is the right task_struct.
In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a
bogus address as the receiver's task_struct causing the crash.
do_mq_timedsend::__pipelined_op() should not dereference `this` after
setting STATE_READY, as the receiver counterpart is now free to return.
Change __pipelined_op to call wake_q_add_safe on the receiver's
task_struct returned by get_task_struct, instead of dereferencing `this`
which sits on the receiver's stack.
As Manfred pointed out, the race potentially also exists in
ipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare. Fix
those in the same way.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04 , < 4528c0c323085e645b8765913b4a7fd42cf49b65
(git)
Affected: c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04 , < 807fa14536b26803b858da878b643be72952a097 (git) Affected: c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04 , < a11ddb37bf367e6b5239b95ca759e5389bb46048 (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.40 , ≤ 5.10.* (semver) Unaffected: 5.12.7 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:15:09.996738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:15:20.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"ipc/mqueue.c",
"ipc/msg.c",
"ipc/sem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4528c0c323085e645b8765913b4a7fd42cf49b65",
"status": "affected",
"version": "c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04",
"versionType": "git"
},
{
"lessThan": "807fa14536b26803b858da878b643be72952a097",
"status": "affected",
"version": "c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04",
"versionType": "git"
},
{
"lessThan": "a11ddb37bf367e6b5239b95ca759e5389bb46048",
"status": "affected",
"version": "c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"ipc/mqueue.c",
"ipc/msg.c",
"ipc/sem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.40",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry\n\ndo_mq_timedreceive calls wq_sleep with a stack local address. The\nsender (do_mq_timedsend) uses this address to later call pipelined_send.\n\nThis leads to a very hard to trigger race where a do_mq_timedreceive\ncall might return and leave do_mq_timedsend to rely on an invalid\naddress, causing the following crash:\n\n RIP: 0010:wake_q_add_safe+0x13/0x60\n Call Trace:\n __x64_sys_mq_timedsend+0x2a9/0x490\n do_syscall_64+0x80/0x680\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7f5928e40343\n\nThe race occurs as:\n\n1. do_mq_timedreceive calls wq_sleep with the address of `struct\n ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it\n holds a valid `struct ext_wait_queue *` as long as the stack has not\n been overwritten.\n\n2. `ewq_addr` gets added to info-\u003ee_wait_q[RECV].list in wq_add, and\n do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call\n __pipelined_op.\n\n3. Sender calls __pipelined_op::smp_store_release(\u0026this-\u003estate,\n STATE_READY). Here is where the race window begins. (`this` is\n `ewq_addr`.)\n\n4. If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it\n will see `state == STATE_READY` and break.\n\n5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed\n to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive\u0027s\n stack. (Although the address may not get overwritten until another\n function happens to touch it, which means it can persist around for an\n indefinite time.)\n\n6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a\n `struct ext_wait_queue *`, and uses it to find a task_struct to pass to\n the wake_q_add_safe call. In the lucky case where nothing has\n overwritten `ewq_addr` yet, `ewq_addr-\u003etask` is the right task_struct.\n In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a\n bogus address as the receiver\u0027s task_struct causing the crash.\n\ndo_mq_timedsend::__pipelined_op() should not dereference `this` after\nsetting STATE_READY, as the receiver counterpart is now free to return.\nChange __pipelined_op to call wake_q_add_safe on the receiver\u0027s\ntask_struct returned by get_task_struct, instead of dereferencing `this`\nwhich sits on the receiver\u0027s stack.\n\nAs Manfred pointed out, the race potentially also exists in\nipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare. Fix\nthose in the same way."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:47:28.778Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65"
},
{
"url": "https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097"
},
{
"url": "https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048"
}
],
"title": "ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47069",
"datePublished": "2024-03-01T21:15:08.598Z",
"dateReserved": "2024-02-29T22:33:44.296Z",
"dateUpdated": "2026-05-11T13:47:28.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47073 (GCVE-0-2021-47073)
Vulnerability from cvelistv5 – Published: 2024-03-01 21:15 – Updated: 2026-05-11 13:47
VLAI
EPSS
Title
platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systems
where the Dell WMI interface is supported. While exit_dell_smbios_wmi()
unregisters it unconditionally, this leads to the following oops:
[ 175.722921] ------------[ cut here ]------------
[ 175.722925] Unexpected driver unregister!
[ 175.722939] WARNING: CPU: 1 PID: 3630 at drivers/base/driver.c:194 driver_unregister+0x38/0x40
...
[ 175.723089] Call Trace:
[ 175.723094] cleanup_module+0x5/0xedd [dell_smbios]
...
[ 175.723148] ---[ end trace 064c34e1ad49509d ]---
Make the unregister happen on the same condition the register happens
to fix this.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1a258e670434f404a4500b65ba1afea2c2b29bba , < 75cfc833da4a2111106d4c134e93e0c7f41e35e7
(git)
Affected: 1a258e670434f404a4500b65ba1afea2c2b29bba , < 6fa78a6b9a3beb676a010dc489c1257f7e432525 (git) Affected: 1a258e670434f404a4500b65ba1afea2c2b29bba , < 0cf036a0d325200e6c27b90908e51195bbc557b1 (git) Affected: 1a258e670434f404a4500b65ba1afea2c2b29bba , < 8d746ea7c687bab060a2c05a35c449302406cd52 (git) Affected: 1a258e670434f404a4500b65ba1afea2c2b29bba , < 3a53587423d25c87af4b4126a806a0575104b45e (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.192 , ≤ 4.19.* (semver) Unaffected: 5.4.122 , ≤ 5.4.* (semver) Unaffected: 5.10.40 , ≤ 5.10.* (semver) Unaffected: 5.12.7 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T22:11:59.293322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:23.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75cfc833da4a2111106d4c134e93e0c7f41e35e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fa78a6b9a3beb676a010dc489c1257f7e432525"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cf036a0d325200e6c27b90908e51195bbc557b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d746ea7c687bab060a2c05a35c449302406cd52"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a53587423d25c87af4b4126a806a0575104b45e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/dell/dell-smbios-wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "75cfc833da4a2111106d4c134e93e0c7f41e35e7",
"status": "affected",
"version": "1a258e670434f404a4500b65ba1afea2c2b29bba",
"versionType": "git"
},
{
"lessThan": "6fa78a6b9a3beb676a010dc489c1257f7e432525",
"status": "affected",
"version": "1a258e670434f404a4500b65ba1afea2c2b29bba",
"versionType": "git"
},
{
"lessThan": "0cf036a0d325200e6c27b90908e51195bbc557b1",
"status": "affected",
"version": "1a258e670434f404a4500b65ba1afea2c2b29bba",
"versionType": "git"
},
{
"lessThan": "8d746ea7c687bab060a2c05a35c449302406cd52",
"status": "affected",
"version": "1a258e670434f404a4500b65ba1afea2c2b29bba",
"versionType": "git"
},
{
"lessThan": "3a53587423d25c87af4b4126a806a0575104b45e",
"status": "affected",
"version": "1a258e670434f404a4500b65ba1afea2c2b29bba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/dell/dell-smbios-wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.192",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.192",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.122",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.40",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios\n\ninit_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systems\nwhere the Dell WMI interface is supported. While exit_dell_smbios_wmi()\nunregisters it unconditionally, this leads to the following oops:\n\n[ 175.722921] ------------[ cut here ]------------\n[ 175.722925] Unexpected driver unregister!\n[ 175.722939] WARNING: CPU: 1 PID: 3630 at drivers/base/driver.c:194 driver_unregister+0x38/0x40\n...\n[ 175.723089] Call Trace:\n[ 175.723094] cleanup_module+0x5/0xedd [dell_smbios]\n...\n[ 175.723148] ---[ end trace 064c34e1ad49509d ]---\n\nMake the unregister happen on the same condition the register happens\nto fix this."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:47:33.478Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/75cfc833da4a2111106d4c134e93e0c7f41e35e7"
},
{
"url": "https://git.kernel.org/stable/c/6fa78a6b9a3beb676a010dc489c1257f7e432525"
},
{
"url": "https://git.kernel.org/stable/c/0cf036a0d325200e6c27b90908e51195bbc557b1"
},
{
"url": "https://git.kernel.org/stable/c/8d746ea7c687bab060a2c05a35c449302406cd52"
},
{
"url": "https://git.kernel.org/stable/c/3a53587423d25c87af4b4126a806a0575104b45e"
}
],
"title": "platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47073",
"datePublished": "2024-03-01T21:15:11.466Z",
"dateReserved": "2024-02-29T22:33:44.297Z",
"dateUpdated": "2026-05-11T13:47:33.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47236 (GCVE-0-2021-47236)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:19 – Updated: 2026-05-11 13:50
VLAI
EPSS
Title
net: cdc_eem: fix tx fixup skb leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: cdc_eem: fix tx fixup skb leak
when usbnet transmit a skb, eem fixup it in eem_tx_fixup(),
if skb_copy_expand() failed, it return NULL,
usbnet_start_xmit() will have no chance to free original skb.
fix it by free orginal skb in eem_tx_fixup() first,
then check skb clone status, if failed, return NULL to usbnet.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9f722c0978b04acba209f8ca1896ad05814bc3a3 , < f12554b0ff639e74612cc01b3b4a049e098d2d65
(git)
Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < 14184ec5c958b589ba934da7363a2877879204df (git) Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < 1bcacd6088d61c0ac6a990d87975600a81f3247e (git) Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < f4e6a7f19c82f39b1803e91c54718f0d7143767d (git) Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < 81de2ed06df8b5451e050fe6a318af3263dbff3f (git) Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < 05b2b9f7d24b5663d9b47427fe1555bdafd3ea02 (git) Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88 (git) Affected: 9f722c0978b04acba209f8ca1896ad05814bc3a3 , < c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7 (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 4.4.274 , ≤ 4.4.* (semver) Unaffected: 4.9.274 , ≤ 4.9.* (semver) Unaffected: 4.14.238 , ≤ 4.14.* (semver) Unaffected: 4.19.196 , ≤ 4.19.* (semver) Unaffected: 5.4.128 , ≤ 5.4.* (semver) Unaffected: 5.10.46 , ≤ 5.10.* (semver) Unaffected: 5.12.13 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:38:01.951930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:39:57.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/cdc_eem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f12554b0ff639e74612cc01b3b4a049e098d2d65",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "14184ec5c958b589ba934da7363a2877879204df",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "1bcacd6088d61c0ac6a990d87975600a81f3247e",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "f4e6a7f19c82f39b1803e91c54718f0d7143767d",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "81de2ed06df8b5451e050fe6a318af3263dbff3f",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "05b2b9f7d24b5663d9b47427fe1555bdafd3ea02",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
},
{
"lessThan": "c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7",
"status": "affected",
"version": "9f722c0978b04acba209f8ca1896ad05814bc3a3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/cdc_eem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.196",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.274",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.274",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.238",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.196",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.128",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.46",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.13",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cdc_eem: fix tx fixup skb leak\n\nwhen usbnet transmit a skb, eem fixup it in eem_tx_fixup(),\nif skb_copy_expand() failed, it return NULL,\nusbnet_start_xmit() will have no chance to free original skb.\n\nfix it by free orginal skb in eem_tx_fixup() first,\nthen check skb clone status, if failed, return NULL to usbnet."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:50:35.712Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65"
},
{
"url": "https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df"
},
{
"url": "https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e"
},
{
"url": "https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d"
},
{
"url": "https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f"
},
{
"url": "https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02"
},
{
"url": "https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88"
},
{
"url": "https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7"
}
],
"title": "net: cdc_eem: fix tx fixup skb leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47236",
"datePublished": "2024-05-21T14:19:37.724Z",
"dateReserved": "2024-04-10T18:59:19.531Z",
"dateUpdated": "2026-05-11T13:50:35.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47310 (GCVE-0-2021-47310)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:52
VLAI
EPSS
Title
net: ti: fix UAF in tlan_remove_one
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ti: fix UAF in tlan_remove_one
priv is netdev private data and it cannot be
used after free_netdev() call. Using priv after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < a18a8d9cfbb112ad72e625372849adc3986fd6bf
(git)
Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < c263ae8c7e4c482387de5e6c89e213f8173fe8b6 (git) Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < 0538b0ab7d2c396e385694228c7cdcd2d2c514e9 (git) Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < a0a817b2d308fac090a05cbbe80988e073ac5193 (git) Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < b7e5563f2a7862a9e4796abb9908b092f677e3c1 (git) Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405 (git) Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < 93efab0ef2a607fff9166d447c4035f98b5db342 (git) Affected: 1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa , < 0336f8ffece62f882ab3012820965a786a983f70 (git) |
|
| Linux | Linux |
Affected:
3.10
Unaffected: 0 , < 3.10 (semver) Unaffected: 4.4.277 , ≤ 4.4.* (semver) Unaffected: 4.9.277 , ≤ 4.9.* (semver) Unaffected: 4.14.241 , ≤ 4.14.* (semver) Unaffected: 4.19.199 , ≤ 4.19.* (semver) Unaffected: 5.4.135 , ≤ 5.4.* (semver) Unaffected: 5.10.53 , ≤ 5.10.* (semver) Unaffected: 5.13.5 , ≤ 5.13.* (semver) Unaffected: 5.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:35:38.649783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:17.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a18a8d9cfbb112ad72e625372849adc3986fd6bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c263ae8c7e4c482387de5e6c89e213f8173fe8b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0538b0ab7d2c396e385694228c7cdcd2d2c514e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0a817b2d308fac090a05cbbe80988e073ac5193"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7e5563f2a7862a9e4796abb9908b092f677e3c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93efab0ef2a607fff9166d447c4035f98b5db342"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0336f8ffece62f882ab3012820965a786a983f70"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/tlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a18a8d9cfbb112ad72e625372849adc3986fd6bf",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "c263ae8c7e4c482387de5e6c89e213f8173fe8b6",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "0538b0ab7d2c396e385694228c7cdcd2d2c514e9",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "a0a817b2d308fac090a05cbbe80988e073ac5193",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "b7e5563f2a7862a9e4796abb9908b092f677e3c1",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "93efab0ef2a607fff9166d447c4035f98b5db342",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
},
{
"lessThan": "0336f8ffece62f882ab3012820965a786a983f70",
"status": "affected",
"version": "1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/tlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.241",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.277",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.277",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.241",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.199",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.135",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.53",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13.5",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: fix UAF in tlan_remove_one\n\npriv is netdev private data and it cannot be\nused after free_netdev() call. Using priv after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:52:00.968Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a18a8d9cfbb112ad72e625372849adc3986fd6bf"
},
{
"url": "https://git.kernel.org/stable/c/c263ae8c7e4c482387de5e6c89e213f8173fe8b6"
},
{
"url": "https://git.kernel.org/stable/c/0538b0ab7d2c396e385694228c7cdcd2d2c514e9"
},
{
"url": "https://git.kernel.org/stable/c/a0a817b2d308fac090a05cbbe80988e073ac5193"
},
{
"url": "https://git.kernel.org/stable/c/b7e5563f2a7862a9e4796abb9908b092f677e3c1"
},
{
"url": "https://git.kernel.org/stable/c/f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405"
},
{
"url": "https://git.kernel.org/stable/c/93efab0ef2a607fff9166d447c4035f98b5db342"
},
{
"url": "https://git.kernel.org/stable/c/0336f8ffece62f882ab3012820965a786a983f70"
}
],
"title": "net: ti: fix UAF in tlan_remove_one",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47310",
"datePublished": "2024-05-21T14:35:28.649Z",
"dateReserved": "2024-05-21T14:28:16.972Z",
"dateUpdated": "2026-05-11T13:52:00.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47311 (GCVE-0-2021-47311)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:52
VLAI
EPSS
Title
net: qcom/emac: fix UAF in emac_remove
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qcom/emac: fix UAF in emac_remove
adpt is netdev private data and it cannot be
used after free_netdev() call. Using adpt after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
54e19bc74f3380d414681762ceed9f7245bc6a6e , < 4d04a42b926e682140776e54188f4a44f1f01a81
(git)
Affected: 54e19bc74f3380d414681762ceed9f7245bc6a6e , < b1e091331920f8fbfc747dcbd16263fcd71abb2d (git) Affected: 54e19bc74f3380d414681762ceed9f7245bc6a6e , < 11e9d163d631198bb3eb41a677a61b499516c0f7 (git) Affected: 54e19bc74f3380d414681762ceed9f7245bc6a6e , < 2b70ca92847c619d6264c7372ef74fcbfd1e048c (git) Affected: 54e19bc74f3380d414681762ceed9f7245bc6a6e , < b560521eca03d0a2db6093a5a632cbdd0a0cf833 (git) Affected: 54e19bc74f3380d414681762ceed9f7245bc6a6e , < 8a225a6e07a57a1538d53637cb3d82bd3e477839 (git) Affected: 54e19bc74f3380d414681762ceed9f7245bc6a6e , < ad297cd2db8953e2202970e9504cab247b6c7cb4 (git) |
|
| Linux | Linux |
Affected:
4.9
Unaffected: 0 , < 4.9 (semver) Unaffected: 4.9.277 , ≤ 4.9.* (semver) Unaffected: 4.14.241 , ≤ 4.14.* (semver) Unaffected: 4.19.199 , ≤ 4.19.* (semver) Unaffected: 5.4.135 , ≤ 5.4.* (semver) Unaffected: 5.10.53 , ≤ 5.10.* (semver) Unaffected: 5.13.5 , ≤ 5.13.* (semver) Unaffected: 5.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T18:50:38.591727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T18:50:45.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/emac/emac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4d04a42b926e682140776e54188f4a44f1f01a81",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
},
{
"lessThan": "b1e091331920f8fbfc747dcbd16263fcd71abb2d",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
},
{
"lessThan": "11e9d163d631198bb3eb41a677a61b499516c0f7",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
},
{
"lessThan": "2b70ca92847c619d6264c7372ef74fcbfd1e048c",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
},
{
"lessThan": "b560521eca03d0a2db6093a5a632cbdd0a0cf833",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
},
{
"lessThan": "8a225a6e07a57a1538d53637cb3d82bd3e477839",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
},
{
"lessThan": "ad297cd2db8953e2202970e9504cab247b6c7cb4",
"status": "affected",
"version": "54e19bc74f3380d414681762ceed9f7245bc6a6e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/emac/emac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.241",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.277",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.241",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.199",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.135",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.53",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13.5",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qcom/emac: fix UAF in emac_remove\n\nadpt is netdev private data and it cannot be\nused after free_netdev() call. Using adpt after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:52:02.532Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81"
},
{
"url": "https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d"
},
{
"url": "https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7"
},
{
"url": "https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c"
},
{
"url": "https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833"
},
{
"url": "https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839"
},
{
"url": "https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4"
}
],
"title": "net: qcom/emac: fix UAF in emac_remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47311",
"datePublished": "2024-05-21T14:35:29.304Z",
"dateReserved": "2024-05-21T14:28:16.973Z",
"dateUpdated": "2026-05-11T13:52:02.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47353 (GCVE-0-2021-47353)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:53
VLAI
EPSS
Title
udf: Fix NULL pointer dereference in udf_symlink function
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix NULL pointer dereference in udf_symlink function
In function udf_symlink, epos.bh is assigned with the value returned
by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c
and returns the value of sb_getblk function that could be NULL.
Then, epos.bh is used without any check, causing a possible
NULL pointer dereference when sb_getblk fails.
This fix adds a check to validate the value of epos.bh.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2f3d9ddd32a28803baa547e6274983b67d5e287c
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 371566f63cbd0bb6fbb25b8fe9d5798268d35af9 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < baea588a42d675e35daeaddd10fbc9700550bc4d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3638705ecd5ad2785e996f820121c0ad15ce64b5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 80d505aee6398cf8beb72475c7edcf1733c1c68b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 21bf1414580c36ffc8d8de043beb3508cf812238 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < aebed6b19e51a34003d998da5ebb1dfdd2cb1d02 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5150877e4d99f85057a458daac7cd7c01005d5c6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.4.276 , ≤ 4.4.* (semver) Unaffected: 4.9.276 , ≤ 4.9.* (semver) Unaffected: 4.14.240 , ≤ 4.14.* (semver) Unaffected: 4.19.198 , ≤ 4.19.* (semver) Unaffected: 5.4.133 , ≤ 5.4.* (semver) Unaffected: 5.10.51 , ≤ 5.10.* (semver) Unaffected: 5.12.18 , ≤ 5.12.* (semver) Unaffected: 5.13.3 , ≤ 5.13.* (semver) Unaffected: 5.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:03:03.353127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:54.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01005d5c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/udf/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f3d9ddd32a28803baa547e6274983b67d5e287c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "371566f63cbd0bb6fbb25b8fe9d5798268d35af9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "baea588a42d675e35daeaddd10fbc9700550bc4d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3638705ecd5ad2785e996f820121c0ad15ce64b5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "80d505aee6398cf8beb72475c7edcf1733c1c68b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21bf1414580c36ffc8d8de043beb3508cf812238",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aebed6b19e51a34003d998da5ebb1dfdd2cb1d02",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5150877e4d99f85057a458daac7cd7c01005d5c6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/udf/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.240",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.240",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.198",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.133",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.51",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.18",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix NULL pointer dereference in udf_symlink function\n\nIn function udf_symlink, epos.bh is assigned with the value returned\nby udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c\nand returns the value of sb_getblk function that could be NULL.\nThen, epos.bh is used without any check, causing a possible\nNULL pointer dereference when sb_getblk fails.\n\nThis fix adds a check to validate the value of epos.bh."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:53:03.838Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c"
},
{
"url": "https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9"
},
{
"url": "https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d"
},
{
"url": "https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5"
},
{
"url": "https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b"
},
{
"url": "https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238"
},
{
"url": "https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02"
},
{
"url": "https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01005d5c6"
},
{
"url": "https://git.kernel.org/stable/c/fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43"
}
],
"title": "udf: Fix NULL pointer dereference in udf_symlink function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47353",
"datePublished": "2024-05-21T14:35:57.122Z",
"dateReserved": "2024-05-21T14:28:16.986Z",
"dateUpdated": "2026-05-11T13:53:03.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47356 (GCVE-0-2021-47356)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:53
VLAI
EPSS
Title
mISDN: fix possible use-after-free in HFC_cleanup()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mISDN: fix possible use-after-free in HFC_cleanup()
This module's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.
Fix by calling del_timer_sync(), which makes sure the timer handler
has finished, and unable to re-schedule itself.
Severity
7.7 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe
(git)
Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 54ff3202928952a100c477248e65ac6db01258a7 (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 7867ddc5f3de7f289aee63233afc0df4b62834c5 (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 5f2818185da0fe82a932f0856633038b66faf124 (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 3ecd228c636ee17c14662729737fa07242a93cb0 (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 61370ff07e0acc657559a8fac02551dfeb9d3020 (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda (git) Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 009fc857c5f6fda81f2f7dd851b2d54193a8e733 (git) |
|
| Linux | Linux |
Affected:
2.6.29
Unaffected: 0 , < 2.6.29 (semver) Unaffected: 4.4.276 , ≤ 4.4.* (semver) Unaffected: 4.9.276 , ≤ 4.9.* (semver) Unaffected: 4.14.240 , ≤ 4.14.* (semver) Unaffected: 4.19.198 , ≤ 4.19.* (semver) Unaffected: 5.4.133 , ≤ 5.4.* (semver) Unaffected: 5.10.51 , ≤ 5.10.* (semver) Unaffected: 5.12.18 , ≤ 5.12.* (semver) Unaffected: 5.13.3 , ≤ 5.13.* (semver) Unaffected: 5.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "49331c07ef0f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "54ff32029289",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7867ddc5f3de",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5f2818185da0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3ecd228c636e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b7ee9ae1e0cf",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "61370ff07e0a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed7c3739d0a0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "009fc857c5f6",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.240",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.198",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.133",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.51",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.18",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.14"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:04:48.759363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:05:18.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/hfcpci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "54ff3202928952a100c477248e65ac6db01258a7",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "7867ddc5f3de7f289aee63233afc0df4b62834c5",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "5f2818185da0fe82a932f0856633038b66faf124",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "3ecd228c636ee17c14662729737fa07242a93cb0",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "61370ff07e0acc657559a8fac02551dfeb9d3020",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "009fc857c5f6fda81f2f7dd851b2d54193a8e733",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/hfcpci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.240",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.276",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.276",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.240",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.198",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.133",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.51",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.18",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible use-after-free in HFC_cleanup()\n\nThis module\u0027s remove path calls del_timer(). However, that function\ndoes not wait until the timer handler finishes. This means that the\ntimer handler may still be running after the driver\u0027s remove function\nhas finished, which would result in a use-after-free.\n\nFix by calling del_timer_sync(), which makes sure the timer handler\nhas finished, and unable to re-schedule itself."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:53:07.476Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe"
},
{
"url": "https://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7"
},
{
"url": "https://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5"
},
{
"url": "https://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124"
},
{
"url": "https://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0"
},
{
"url": "https://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d"
},
{
"url": "https://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020"
},
{
"url": "https://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda"
},
{
"url": "https://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733"
}
],
"title": "mISDN: fix possible use-after-free in HFC_cleanup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47356",
"datePublished": "2024-05-21T14:35:59.097Z",
"dateReserved": "2024-05-21T14:28:16.987Z",
"dateUpdated": "2026-05-11T13:53:07.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…