
CVE-2021-47323

Date: 2024-05-22 12:28:28
Source: redhat.com (access.redhat.com)
Tags: cve-2021-47323, linux kernel, watchdog module, use-after-free, vulnerability, fix, del_timer_sync, remove path

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8
Confidence: High

EPSS: 0
Percentile: 13.0%

A vulnerability was found in the wdt_turnoff() function in the Linux kernel’s watchdog module. This issue arises when the module’s remove process calls del_timer(), which does not wait for the timer handler to finish. Consequently, the handler may still be running after the driver is removed, leading to a potential use-after-free issue.
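
The ordering problem described above, as an added userspace model in C (not code from the kernel or from Red Hat): a pthread stands in for the timer handler, and struct wdt_model, timer_handler() and run_remove() are hypothetical names. It contrasts a remove path that tears down without waiting, as del_timer() allows, with one that waits for the handler first, as del_timer_sync() does.

```c
/* Added example: userspace model, not kernel code. A pthread stands in for
 * the timer handler; struct wdt_model and run_remove() are hypothetical. */
#include <pthread.h>
#include <stdatomic.h>
#include <time.h>

struct wdt_model {
    atomic_int handler_entered;    /* handler has started running */
    atomic_int released;           /* remove path has torn the device down */
    atomic_int use_after_release;  /* handler touched the device afterwards */
};

/* Stand-in for the timer callback: still executing when remove is called. */
static void *timer_handler(void *arg)
{
    struct wdt_model *dev = arg;
    atomic_store(&dev->handler_entered, 1);
    clock_t end = clock() + CLOCKS_PER_SEC / 10;
    while (clock() < end)
        ;                                   /* handler body in progress */
    if (atomic_load(&dev->released))        /* in a driver: freed memory */
        atomic_fetch_add(&dev->use_after_release, 1);
    return NULL;
}

/* Run the remove path while the handler is mid-flight.
 * sync == 0 models del_timer(): tear down without waiting for the handler.
 * sync == 1 models del_timer_sync(): wait for the handler, then tear down.
 * Returns the number of handler accesses made after release, or -1. */
int run_remove(int sync)
{
    struct wdt_model dev = {0};
    pthread_t t;
    if (pthread_create(&t, NULL, timer_handler, &dev) != 0)
        return -1;
    while (!atomic_load(&dev.handler_entered))
        ;                                   /* wait until the handler runs */
    if (sync)
        pthread_join(t, NULL);              /* handler has finished */
    atomic_store(&dev.released, 1);         /* teardown; a driver frees here */
    if (!sync)
        pthread_join(t, NULL);              /* only so the model can report */
    return atomic_load(&dev.use_after_release);
}

int main(void)
{
    return !(run_remove(0) == 1 && run_remove(1) == 0);
}
```

The model only sets a flag where a driver would free memory, so the late access is counted rather than executed against freed storage.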

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
