CVE-2021-47427

HIGH

Linux Kernel 5.14-5.14.11 - Use-After-Free in iSCSI Task Abort Handler

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsi_task use after free Commit d39df158518c ("scsi: iscsi: Have abort handler get ref to conn") added iscsi_get_conn()/iscsi_put_conn() calls during abort handling but then also changed the handling of the case where we detect an already completed task where we now end up doing a goto to the common put/cleanup code. This results in a iscsi_task use after free, because the common cleanup code will do a put on the iscsi_task. This reverts the goto and moves the iscsi_get_conn() to after we've checked if the iscsi_task is valid.

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (8)
Linux/Linux < 5.14
Linux/Linux 5.14
Linux/Linux 5.14.12 - 5.14.*
Linux/Linux 5.15
Linux/Linux d39df158518ccc3bf24ee18082b5e100c8f014aa - 1642f51ac0d4f2b55d5748094c49ff8f7191b93c
Linux/Linux d39df158518ccc3bf24ee18082b5e100c8f014aa - 258aad75c62146453d03028a44f2f1590d58e1f6
linux/linux_kernel 5.15 rc1 (4 CPE variants)
linux/linux_kernel 5.14 - 5.14.12
Published May 21, 2024
Tracked Since Feb 18, 2026