CVE-2021-47088

HIGH

Linux Kernel 5.15-5.15.11 - Use-After-Free in DAMON DebugFS Target Destruction

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamond_lock DAMON debugfs interface iterates current monitoring targets in 'dbgfs_target_ids_read()' while holding the corresponding 'kdamond_lock'. However, it also destructs the monitoring targets in 'dbgfs_before_terminate()' without holding the lock. This can result in a use_after_free bug. This commit avoids the race by protecting the destruction with the corresponding 'kdamond_lock'.

Scores

CVSS v3 7.0
EPSS 0.0021
EPSS Percentile 11.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (8)
Linux/Linux < 5.15
Linux/Linux 4bc05954d0076655cfaf6f0135585bdc20cd6b11 - 330c6117a82c16a9a365a51cec5c9ab30b13245c
Linux/Linux 4bc05954d0076655cfaf6f0135585bdc20cd6b11 - 34796417964b8d0aef45a99cf6c2d20cebe33733
Linux/Linux 5.15
Linux/Linux 5.15.12 - 5.15.*
Linux/Linux 5.16
linux/linux_kernel 5.16 rc1 (6 CPE variants)
linux/linux_kernel 5.15 - 5.15.12
Published Mar 04, 2024
Tracked Since Feb 18, 2026