CVE-2021-47323: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
First published: Tue May 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | ||
| Linux Kernel | <4.4.276 | |
| Linux Kernel | >=4.5<4.9.276 | |
| Linux Kernel | >=4.10<4.14.240 | |
| Linux Kernel | >=4.15<4.19.198 | |
| Linux Kernel | >=4.20<5.4.134 | |
| Linux Kernel | >=5.5<5.10.52 | |
| Linux Kernel | >=5.11<5.12.19 | |
| Linux Kernel | >=5.13<5.13.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0015581a79bbf8e521f85dddb7d3e4a66b9f51d4
- https://git.kernel.org/stable/c/b4565a8a2d6bffb05bfbec11399d261ec16fe373
- https://git.kernel.org/stable/c/2aef07017fae21c3d8acea9656b10e3b9c0f1e04
- https://git.kernel.org/stable/c/522e75ed63f67e815d4ec0deace67df22d9ce78e
- https://git.kernel.org/stable/c/7c56c5508dc20a6b133bc669fc34327a6711c24c
- https://git.kernel.org/stable/c/a173e3b62cf6dd3c4a0a10c8a82eedfcae81a566
- https://git.kernel.org/stable/c/b3c41ea5bc34d8c7b19e230d80e0e555c6f5057d
- https://git.kernel.org/stable/c/f0feab82f6a0323f54d85e8b512a2be64f83648a
- https://git.kernel.org/stable/c/90b7c141132244e8e49a34a4c1e445cce33e07f4
Frequently Asked Questions
What is the severity of CVE-2021-47323?
CVE-2021-47323 has a severity rating of medium due to the potential for a use-after-free vulnerability in the Linux kernel's watchdog module.
How do I fix CVE-2021-47323?
To fix CVE-2021-47323, users should update to the latest version of the Linux kernel where the vulnerability has been resolved.
What software is affected by CVE-2021-47323?
CVE-2021-47323 affects the Linux kernel, specifically the watchdog: sc520_wdt module.
What are the potential impacts of CVE-2021-47323?
If exploited, CVE-2021-47323 could lead to a denial of service or potentially other consequences due to improper handling of timer operations.
When was CVE-2021-47323 announced?
CVE-2021-47323 was announced in late 2021 as part of ongoing security updates for the Linux kernel.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/linux
- canonical/red hat kernel-devel
- canonical/linux kernel
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.13