In the Linux kernel, the following vulnerability has been resolved:

blktrace: Fix uaf in blk_trace access after removing by sysfs

There is an use-after-free problem triggered by following process:

P1(sda) P2(sdb)
echo 0 > /sys/block/sdb/trace/enable
blk_trace_remove_queue
synchronize_rcu
blk_trace_free
relay_close
rcu_read_lock
__blk_add_trace
trace_note_tsk
(Iterate running_trace_list)
relay_close_buf
relay_destroy_buf
kfree(buf)
trace_note(sdb's bt)
relay_reserve
buf->offset <- nullptr deference (use-after-free) !!!
rcu_read_unlock

[ 502.714379] BUG: kernel NULL pointer dereference, address:
0000000000000010
[ 502.715260] #PF: supervisor read access in kernel mode
[ 502.715903] #PF: error_code(0x0000) - not-present page
[ 502.716546] PGD 103984067 P4D 103984067 PUD 17592b067 PMD 0
[ 502.717252] Oops: 0000 [#1] SMP
[ 502.720308] RIP: 0010:trace_note.isra.0+0x86/0x360
[ 502.732872] Call Trace:
[ 502.733193] __blk_add_trace.cold+0x137/0x1a3
[ 502.733734] blk_add_trace_rq+0x7b/0xd0
[ 502.734207] blk_add_trace_rq_issue+0x54/0xa0
[ 502.734755] blk_mq_start_request+0xde/0x1b0
[ 502.735287] scsi_queue_rq+0x528/0x1140
...
[ 502.742704] sg_new_write.isra.0+0x16e/0x3e0
[ 502.747501] sg_ioctl+0x466/0x1100

Reproduce method:
ioctl(/dev/sda, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])
ioctl(/dev/sda, BLKTRACESTART)
ioctl(/dev/sdb, BLKTRACESETUP, blk_user_trace_setup[buf_size=127])
ioctl(/dev/sdb, BLKTRACESTART)

echo 0 > /sys/block/sdb/trace/enable &
// Add delay(mdelay/msleep) before kernel enters blk_trace_free()

ioctl$SG_IO(/dev/sda, SG_IO, ...)
// Enters trace_note_tsk() after blk_trace_free() returned
// Use mdelay in rcu region rather than msleep(which may schedule out)

Remove blk_trace from running_list before calling blk_trace_free() by
sysfs if blk_trace is at Blktrace_running state.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < 488da313edf3abea7f7733efe011c96b23740ab5
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < dacfd5e4d1142bfb3809aab3634a375f6f373269
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < d56171d9360c0170c5c5f8f7e2362a2e999eca40
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < 677e362ba807f3aafe6f405c07e0b37244da5222
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < ebb8d26d93c3ec3c7576c52a8373a2309423c069
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < 3815fe7371d2411ce164281cef40d9fc7b323dee
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < a5f8e86192612d0183047448d8bbe7918b3f1a26
c71a896154119f4ca9e89d6078f5f63ad60ef199 affected < 5afedf670caf30a2b5a52da96eb7eac7dee6a9c9
Linux Linux affected
Version Status Constraints
2.6.30 affected
0 unaffected < 2.6.30
4.4.286 unaffected ≤ 4.4.*
4.9.285 unaffected ≤ 4.9.*
4.14.249 unaffected ≤ 4.14.*
4.19.209 unaffected ≤ 4.19.*
5.4.150 unaffected ≤ 5.4.*
5.10.70 unaffected ≤ 5.10.*
5.14.9 unaffected ≤ 5.14.*
5.15 unaffected ≤ *

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/3815fe7371d2411ce164281cef40d9fc7b323dee cve-icon cve-icon
https://git.kernel.org/stable/c/488da313edf3abea7f7733efe011c96b23740ab5 cve-icon cve-icon
https://git.kernel.org/stable/c/5afedf670caf30a2b5a52da96eb7eac7dee6a9c9 cve-icon cve-icon
https://git.kernel.org/stable/c/677e362ba807f3aafe6f405c07e0b37244da5222 cve-icon cve-icon
https://git.kernel.org/stable/c/a5f8e86192612d0183047448d8bbe7918b3f1a26 cve-icon cve-icon
https://git.kernel.org/stable/c/d56171d9360c0170c5c5f8f7e2362a2e999eca40 cve-icon cve-icon
https://git.kernel.org/stable/c/dacfd5e4d1142bfb3809aab3634a375f6f373269 cve-icon cve-icon
https://git.kernel.org/stable/c/ebb8d26d93c3ec3c7576c52a8373a2309423c069 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052141-CVE-2021-47375-8849@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-47375 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-47375 cve-icon
History

Wed, 02 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Sun, 27 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H'}

 cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T07:09:38.500Z

Reserved: 2024-05-21T14:58:30.811Z

Link: CVE-2021-47375

cve-icon Vulnrichment

Updated: 2024-08-04T05:32:08.654Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-21T15:15:23.290

Modified: 2025-04-02T14:53:06.550

Link: CVE-2021-47375

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47375 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses