CVE-2021-47123

Published: Mar 15, 2024Modified: Jan 14, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix ltout double free on completion race Always remove linked timeout on io_link_timeout_fn() from the master request link list, otherwise we may get use-after-free when first io_link_timeout_fn() puts linked timeout in the fail path, and then will be found and put on master's free.

Affected (2)

Products: Linux: Linux Kernel

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.12.10
Linux Linux Kernel	Version 5.13 rc1

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://git.kernel.org/stable/c/1f64f5e903b9d1d157875721e02adadc9d6f0a5d

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/447c19f3b5074409c794b350b10306e1da1ef4ba

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/1f64f5e903b9d1d157875721e02adadc9d6f0a5d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/447c19f3b5074409c794b350b10306e1da1ef4ba

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.