| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052132-CVE-2021-47321-1b9b@gregkh> Date: Tue, 21 May 2024 16:35:55 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47321: watchdog: Fix possible use-after-free by calling del_timer_sync() Description =========== In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. The Linux kernel CVE team has assigned CVE-2021-47321 to this issue. Affected and fixed versions =========================== Fixed in 4.4.276 with commit 58606882ad8e Fixed in 4.9.276 with commit ca96b8ea5e74 Fixed in 4.14.240 with commit 8bec568d7518 Fixed in 4.19.198 with commit ecd620e0fb1f Fixed in 5.4.134 with commit db222f1477ad Fixed in 5.10.52 with commit 66ba9cf929b1 Fixed in 5.12.19 with commit 4c05dac488a6 Fixed in 5.13.4 with commit 1a053c4d7168 Fixed in 5.14 with commit d0212f095ab5 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47321 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/watchdog/lpc18xx_wdt.c drivers/watchdog/w83877f_wdt.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270 https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111 https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4 https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c37044a3 https://git.kernel.org/stable/c/d0212f095ab56672f6f36aabc605bda205e1e0bf
Powered by blists - more mailing lists