CVE-2021-47355: atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
First published: Tue May 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <4.4.276 | |
| Linux Kernel | >=4.5<4.9.276 | |
| Linux Kernel | >=4.10<4.14.240 | |
| Linux Kernel | >=4.15<4.19.198 | |
| Linux Kernel | >=4.20<5.4.133 | |
| Linux Kernel | >=5.5<5.10.51 | |
| Linux Kernel | >=5.11<5.12.18 | |
| Linux Kernel | >=5.13<5.13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5
- https://git.kernel.org/stable/c/4e2a0848ea2cab0716d46f85a8ccd5fa9a493e51
- https://git.kernel.org/stable/c/c471569632654e57c83512e0fc1ba0dbb4544ad6
- https://git.kernel.org/stable/c/a7a7b2848312cc4c3a42b6e42a8ab2e441857aba
- https://git.kernel.org/stable/c/bdf5334250c69fabf555b7322c75249ea7d5f148
- https://git.kernel.org/stable/c/a7f7c42e31157d1f0871d6a8e1a0b73a6b4ea785
- https://git.kernel.org/stable/c/2f958b6f6ba0854b39be748d21dfe71e0fe6580f
- https://git.kernel.org/stable/c/5b991df8881088448cb223e769e37cab8dd40706
- https://git.kernel.org/stable/c/34e7434ba4e97f4b85c1423a59b2922ba7dff2ea
Frequently Asked Questions
What is the severity of CVE-2021-47355?
CVE-2021-47355 has been classified with a medium severity level.
How do I fix CVE-2021-47355?
To fix CVE-2021-47355, upgrade the Linux kernel to a version that has addressed this vulnerability.
What is the impact of CVE-2021-47355?
The impact of CVE-2021-47355 can include potential use-after-free conditions, leading to system instability or exploitation.
Which versions of the Linux kernel are affected by CVE-2021-47355?
CVE-2021-47355 affects multiple versions of the Linux kernel ranging from 4.4 to versions prior to 5.13.
Is CVE-2021-47355 publicly known?
Yes, CVE-2021-47355 is a publicly known vulnerability in the Linux kernel.
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.13