CVE-2021-47088
HIGHLinux Kernel 5.15-5.15.11 - Use-After-Free in DAMON DebugFS Target Destruction
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamond_lock DAMON debugfs interface iterates current monitoring targets in 'dbgfs_target_ids_read()' while holding the corresponding 'kdamond_lock'. However, it also destructs the monitoring targets in 'dbgfs_before_terminate()' without holding the lock. This can result in a use_after_free bug. This commit avoids the race by protecting the destruction with the corresponding 'kdamond_lock'.
References (2)
Core 2
Scores
CVSS v3
7.0
EPSS
0.0021
EPSS Percentile
11.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (8)
Linux/Linux
< 5.15
Linux/Linux
4bc05954d0076655cfaf6f0135585bdc20cd6b11 - 330c6117a82c16a9a365a51cec5c9ab30b13245c
Linux/Linux
4bc05954d0076655cfaf6f0135585bdc20cd6b11 - 34796417964b8d0aef45a99cf6c2d20cebe33733
Linux/Linux
5.15
Linux/Linux
5.15.12 - 5.15.*
Linux/Linux
5.16
linux/linux_kernel
5.16 rc1 (6 CPE variants)
linux/linux_kernel
5.15 - 5.15.12
Published
Mar 04, 2024
Tracked Since
Feb 18, 2026