CVE-2021-47294 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use sock timer API. It replaces mod_timer() by sk_reset_timer(), and del_timer() by sk_stop_timer(). Function sk_reset_timer() will increase the refcount of sock if it is called on an inactive timer, hence, in case the timer expires, we need to decrease the refcount ourselves in the handler, otherwise, the sock refcount will be unbalanced and the sock will never be freed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3
https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef
https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8
https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a
https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29
https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950
https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf
https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250
https://lore.kernel.org/linux-cve-announce/2024052123-CVE-2021-47294-76ec@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47294
https://www.cve.org/CVERecord?id=CVE-2021-47294

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:35:18.034Z

Updated: 2024-08-04T05:32:08.527Z

Reserved: 2024-05-21T13:27:52.130Z

Link: CVE-2021-47294

Vulnrichment

Updated: 2024-08-04T05:32:08.527Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:17.323

Modified: 2024-05-21T16:54:26.047

Link: CVE-2021-47294

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47294 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47294", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T13:27:52.130Z", "datePublished": "2024-05-21T14:35:18.034Z", "dateUpdated": "2024-08-04T05:32:08.527Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:05:26.412Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Decrease sock refcount when sock timers expire\n\nCommit 63346650c1a9 (\"netrom: switch to sock timer API\") switched to use\nsock timer API. It replaces mod_timer() by sk_reset_timer(), and\ndel_timer() by sk_stop_timer().\n\nFunction sk_reset_timer() will increase the refcount of sock if it is\ncalled on an inactive timer, hence, in case the timer expires, we need to\ndecrease the refcount ourselves in the handler, otherwise, the sock\nrefcount will be unbalanced and the sock will never be freed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netrom/nr_timer.c"], "versions": [{"version": "ce29e8a259de", "lessThan": "853262355518", "status": "affected", "versionType": "git"}, {"version": "baa9e32336bf", "lessThan": "a01634bf91f2", "status": "affected", "versionType": "git"}, {"version": "0adf571fa34b", "lessThan": "48866fd5c361", "status": "affected", "versionType": "git"}, {"version": "2c6b572458a9", "lessThan": "9619cc7d97c3", "status": "affected", "versionType": "git"}, {"version": "63346650c1a9", "lessThan": "25df44e90ff5", "status": "affected", "versionType": "git"}, {"version": "63346650c1a9", "lessThan": "6811744bd0ef", "status": "affected", "versionType": "git"}, {"version": "63346650c1a9", "lessThan": "bc1660206c37", "status": "affected", "versionType": "git"}, {"version": "63346650c1a9", "lessThan": "517a16b1a88b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netrom/nr_timer.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "custom"}, {"version": "4.4.277", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.9.277", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.241", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.199", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.136", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.54", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13.6", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29"}, {"url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf"}, {"url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef"}, {"url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950"}, {"url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3"}, {"url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a"}, {"url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250"}, {"url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8"}], "title": "netrom: Decrease sock refcount when sock timers expire", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47294", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T19:24:54.424642Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:49.177Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.527Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47294", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T19:24:54.424642Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T19:25:07.753Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "netrom: Decrease sock refcount when sock timers expire", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ce29e8a259de", "lessThan": "853262355518", "versionType": "git"}, {"status": "affected", "version": "baa9e32336bf", "lessThan": "a01634bf91f2", "versionType": "git"}, {"status": "affected", "version": "0adf571fa34b", "lessThan": "48866fd5c361", "versionType": "git"}, {"status": "affected", "version": "2c6b572458a9", "lessThan": "9619cc7d97c3", "versionType": "git"}, {"status": "affected", "version": "63346650c1a9", "lessThan": "25df44e90ff5", "versionType": "git"}, {"status": "affected", "version": "63346650c1a9", "lessThan": "6811744bd0ef", "versionType": "git"}, {"status": "affected", "version": "63346650c1a9", "lessThan": "bc1660206c37", "versionType": "git"}, {"status": "affected", "version": "63346650c1a9", "lessThan": "517a16b1a88b", "versionType": "git"}], "programFiles": ["net/netrom/nr_timer.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.0"}, {"status": "unaffected", "version": "0", "lessThan": "5.0", "versionType": "custom"}, {"status": "unaffected", "version": "4.4.277", "versionType": "custom", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.277", "versionType": "custom", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.241", "versionType": "custom", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.199", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.136", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.54", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.13.6", "versionType": "custom", "lessThanOrEqual": "5.13.*"}, {"status": "unaffected", "version": "5.14", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netrom/nr_timer.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29"}, {"url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf"}, {"url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef"}, {"url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950"}, {"url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3"}, {"url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a"}, {"url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250"}, {"url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Decrease sock refcount when sock timers expire\n\nCommit 63346650c1a9 (\"netrom: switch to sock timer API\") switched to use\nsock timer API. It replaces mod_timer() by sk_reset_timer(), and\ndel_timer() by sk_stop_timer().\n\nFunction sk_reset_timer() will increase the refcount of sock if it is\ncalled on an inactive timer, hence, in case the timer expires, we need to\ndecrease the refcount ourselves in the handler, otherwise, the sock\nrefcount will be unbalanced and the sock will never be freed."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:05:26.412Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47294", "state": "PUBLISHED", "dateUpdated": "2024-08-04T05:32:08.527Z", "dateReserved": "2024-05-21T13:27:52.130Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:35:18.034Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Decrease sock refcount when sock timers expire\n\nCommit 63346650c1a9 (\"netrom: switch to sock timer API\") switched to use\nsock timer API. It replaces mod_timer() by sk_reset_timer(), and\ndel_timer() by sk_stop_timer().\n\nFunction sk_reset_timer() will increase the refcount of sock if it is\ncalled on an inactive timer, hence, in case the timer expires, we need to\ndecrease the refcount ourselves in the handler, otherwise, the sock\nrefcount will be unbalanced and the sock will never be freed."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netrom: Disminuir el recuento de sock cuando caducan los temporizadores de sock. La confirmaci\u00f3n 63346650c1a9 (\"netrom: cambiar a API de temporizador de sock\") cambi\u00f3 para usar la API de temporizador de sock. Reemplaza mod_timer() por sk_reset_timer() y del_timer() por sk_stop_timer(). La funci\u00f3n sk_reset_timer() aumentar\u00e1 el recuento del sock si se llama en un temporizador inactivo, por lo tanto, en caso de que el temporizador expire, debemos disminuir el recuento nosotros mismos en el controlador; de lo contrario, el recuento del calcet\u00edn se desequilibrar\u00e1 y el sock nunca ser\u00e1 liberado."}], "id": "CVE-2021-47294", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:17.323", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: netrom: Decrease sock refcount when sock timers expire", "id": "2282502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282502"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetrom: Decrease sock refcount when sock timers expire\nCommit 63346650c1a9 (\"netrom: switch to sock timer API\") switched to use\nsock timer API. It replaces mod_timer() by sk_reset_timer(), and\ndel_timer() by sk_stop_timer().\nFunction sk_reset_timer() will increase the refcount of sock if it is\ncalled on an inactive timer, hence, in case the timer expires, we need to\ndecrease the refcount ourselves in the handler, otherwise, the sock\nrefcount will be unbalanced and the sock will never be freed.", "A vulnerability was found in the Linux kernel's NetRom subsystem. This issue arises when socket timers expire, if the timer handler does not decrease the socket reference count as needed, the socket reference count becomes unbalanced. This can result in the socket not being freed properly, potentially leading to resource leaks and degraded system performance."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47294", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47294\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47294\nhttps://lore.kernel.org/linux-cve-announce/2024052123-CVE-2021-47294-76ec@gregkh/T"], "statement": "None of the products shipped by Red Hat are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.277, kernel 4.9.277, kernel 4.14.241, kernel 4.19.199, kernel 5.4.136, kernel 5.10.54, kernel 5.13.6, kernel 5.14"}