In the Linux kernel, the following vulnerability has been resolved:
udp: fix race between close() and udp_abort()
Kaustubh reported and diagnosed a panic in udp_lib_lookup().
The root cause is udp_abort() racing with close(). Both
racing functions acquire the socket lock, but udp{v6}_destroy_sock()
release it before performing destructive actions.
We can't easily extend the socket lock scope to avoid the race,
instead use the SOCK_DEAD flag to prevent udp_abort from doing
any action when the critical race happens.
Diagnosed-and-tested-by: Kaustubh Pandey <kapandey@codeaurora.org>
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-21T14:19:45.588Z
Updated: 2024-08-04T05:32:07.937Z
Reserved: 2024-04-10T18:59:19.536Z
Link: CVE-2021-47248
Vulnrichment
Updated: 2024-08-04T05:32:07.937Z
NVD
Status : Awaiting Analysis
Published: 2024-05-21T15:15:13.780
Modified: 2024-05-21T16:54:26.047
Link: CVE-2021-47248
Redhat