CVE-2021-47294

MEDIUM

Linux Kernel 4.4.173-4.4.277 - Use-After-Free in NetROM Sock Timer Handler

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use sock timer API. It replaces mod_timer() by sk_reset_timer(), and del_timer() by sk_stop_timer(). Function sk_reset_timer() will increase the refcount of sock if it is called on an inactive timer, hence, in case the timer expires, we need to decrease the refcount ourselves in the handler, otherwise, the sock refcount will be unbalanced and the sock will never be freed.

References (8)

Core 8

Scores

CVSS v3 5.5
EPSS 0.0028
EPSS Percentile 19.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-672
Status published
Products (30)
Linux/Linux < 5.0
Linux/Linux 0adf571fa34b27bd0b97b408cc0f0dc54b72f0eb - 48866fd5c361ea417ed24b43fc2a7dc2f5b060ef
Linux/Linux 2c6b572458a9127e8070df13fa7f115c29ab1d92 - 9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950
Linux/Linux 3.18.134 - 3.19
Linux/Linux 4.14.241 - 4.14.*
Linux/Linux 4.14.98 - 4.14.241
Linux/Linux 4.19.199 - 4.19.*
Linux/Linux 4.19.20 - 4.19.199
Linux/Linux 4.20.7 - 4.21
Linux/Linux 4.4.173 - 4.4.277
... and 20 more
Published May 21, 2024
Tracked Since Feb 18, 2026