CVE-2021-47294
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
23/06/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

netrom: Decrease sock refcount when sock timers expire

Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use
sock timer API. It replaces mod_timer() by sk_reset_timer(), and
del_timer() by sk_stop_timer().

Function sk_reset_timer() will increase the refcount of sock if it is
called on an inactive timer, hence, in case the timer expires, we need to
decrease the refcount ourselves in the handler, otherwise, the sock
refcount will be unbalanced and the sock will never be freed.
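
The refcount imbalance described above, as an added example: a constructed user-space C model, not kernel code and not taken from this advisory or the fix commits. All `model_*` names are hypothetical; the hold/put rules follow the behaviour of sk_reset_timer() and sk_stop_timer() in the kernel.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model of the sock timer refcount rules; not kernel code. */
struct model_sock { int refcnt; bool timer_pending; };

/* Models sk_reset_timer(): take a reference only when arming an inactive timer. */
static void model_sk_reset_timer(struct model_sock *sk) {
    bool was_pending = sk->timer_pending;   /* what mod_timer() reports */
    sk->timer_pending = true;
    if (!was_pending)
        sk->refcnt++;                       /* sock_hold() */
}

/* Models sk_stop_timer(): drop the timer's reference only if it was still pending. */
static void model_sk_stop_timer(struct model_sock *sk) {
    if (sk->timer_pending) {                /* what del_timer() reports */
        sk->timer_pending = false;
        sk->refcnt--;                       /* __sock_put() */
    }
}

/* Timer expiry: the timer becomes inactive, then the handler runs. */
static void model_expire(struct model_sock *sk, bool handler_puts_ref) {
    sk->timer_pending = false;
    if (handler_puts_ref)
        sk->refcnt--;                       /* decrement the handler must do itself */
}

/* Arm, let the timer fire, tear down. Returns the leftover refcount:
 * 0 means the sock can be freed, above 0 means it is leaked. */
int model_final_refcnt(bool handler_puts_ref) {
    struct model_sock sk = { .refcnt = 1, .timer_pending = false }; /* owner's ref */
    model_sk_reset_timer(&sk);              /* 2: owner + timer */
    model_sk_reset_timer(&sk);              /* still 2: re-arming a pending timer */
    model_expire(&sk, handler_puts_ref);
    model_sk_stop_timer(&sk);               /* no-op: nothing pending to cancel */
    sk.refcnt--;                            /* owner releases its reference */
    return sk.refcnt;
}

int main(void) {
    printf("handler without put: %d\n", model_final_refcnt(false));
    printf("handler with put:    %d\n", model_final_refcnt(true));
    return 0;
}
```

Once the timer has fired, sk_stop_timer() has nothing to cancel and so never drops the timer's reference, which is why the put has to happen in the expiry handler.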
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.173 (including) | 4.4.277 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.155 (including) | 4.9.277 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.98 (including) | 4.14.241 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.20 (including) | 4.19.199 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.0 (including) | 5.4.136 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.54 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.13.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:3.18.134:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.20.7:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3
- https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef
- https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8
- https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a
- https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29
- https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950
- https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf
- https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250



