{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47451", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.832Z", "datePublished": "2024-05-22T06:19:42.082Z", "dateUpdated": "2025-05-04T07:11:13.363Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:11:13.363Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value\n\nCurrently, when the rule related to IDLETIMER is added, idletimer_tg timer\nstructure is initialized by kmalloc on executing idletimer_tg_create\nfunction. However, in this process timer->timer_type is not defined to\na specific value. Thus, timer->timer_type has garbage value and it occurs\nkernel panic. So, this commit fixes the panic by initializing\ntimer->timer_type using kzalloc instead of kmalloc.\n\nTest commands:\n # iptables -A OUTPUT -j IDLETIMER --timeout 1 --label test\n $ cat /sys/class/xt_idletimer/timers/test\n Killed\n\nSplat looks like:\n BUG: KASAN: user-memory-access in alarm_expires_remaining+0x49/0x70\n Read of size 8 at addr 0000002e8c7bc4c8 by task cat/917\n CPU: 12 PID: 917 Comm: cat Not tainted 5.14.0+ #3 79940a339f71eb14fc81aee1757a20d5bf13eb0e\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n dump_stack_lvl+0x6e/0x9c\n kasan_report.cold+0x112/0x117\n ? alarm_expires_remaining+0x49/0x70\n __asan_load8+0x86/0xb0\n alarm_expires_remaining+0x49/0x70\n idletimer_tg_show+0xe5/0x19b [xt_IDLETIMER 11219304af9316a21bee5ba9d58f76a6b9bccc6d]\n dev_attr_show+0x3c/0x60\n sysfs_kf_seq_show+0x11d/0x1f0\n ? device_remove_bin_file+0x20/0x20\n kernfs_seq_show+0xa4/0xb0\n seq_read_iter+0x29c/0x750\n kernfs_fop_read_iter+0x25a/0x2c0\n ? __fsnotify_parent+0x3d1/0x570\n ? iov_iter_init+0x70/0x90\n new_sync_read+0x2a7/0x3d0\n ? __x64_sys_llseek+0x230/0x230\n ? rw_verify_area+0x81/0x150\n vfs_read+0x17b/0x240\n ksys_read+0xd9/0x180\n ? vfs_write+0x460/0x460\n ? do_syscall_64+0x16/0xc0\n ? lockdep_hardirqs_on+0x79/0x120\n __x64_sys_read+0x43/0x50\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f0cdc819142\n Code: c0 e9 c2 fe ff ff 50 48 8d 3d 3a ca 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\n RSP: 002b:00007fff28eee5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f0cdc819142\n RDX: 0000000000020000 RSI: 00007f0cdc032000 RDI: 0000000000000003\n RBP: 00007f0cdc032000 R08: 00007f0cdc031010 R09: 0000000000000000\n R10: 0000000000000022 R11: 0000000000000246 R12: 00005607e9ee31f0\n R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/xt_IDLETIMER.c"], "versions": [{"version": "68983a354a655c35d3fb204489d383a2a051fda7", "lessThan": "2a670c323055282c9b72794a491d53cef86bbeaf", "status": "affected", "versionType": "git"}, {"version": "68983a354a655c35d3fb204489d383a2a051fda7", "lessThan": "cae7cab804c943d723d52724a3aeb07a3f4a2650", "status": "affected", "versionType": "git"}, {"version": "68983a354a655c35d3fb204489d383a2a051fda7", "lessThan": "902c0b1887522a099aa4e1e6b4b476c2fe5dd13e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/xt_IDLETIMER.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.76", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.15", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.10.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.14.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf"}, {"url": "https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650"}, {"url": "https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e"}], "title": "netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47451", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:25:32.208577Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:53.967Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.385Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.385Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47451", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:25:32.208577Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T19:25:37.508Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "68983a354a655c35d3fb204489d383a2a051fda7", "lessThan": "2a670c323055282c9b72794a491d53cef86bbeaf", "versionType": "git"}, {"status": "affected", "version": "68983a354a655c35d3fb204489d383a2a051fda7", "lessThan": "cae7cab804c943d723d52724a3aeb07a3f4a2650", "versionType": "git"}, {"status": "affected", "version": "68983a354a655c35d3fb204489d383a2a051fda7", "lessThan": "902c0b1887522a099aa4e1e6b4b476c2fe5dd13e", "versionType": "git"}], "programFiles": ["net/netfilter/xt_IDLETIMER.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.76", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.15", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/xt_IDLETIMER.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf"}, {"url": "https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650"}, {"url": "https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value\n\nCurrently, when the rule related to IDLETIMER is added, idletimer_tg timer\nstructure is initialized by kmalloc on executing idletimer_tg_create\nfunction. However, in this process timer->timer_type is not defined to\na specific value. Thus, timer->timer_type has garbage value and it occurs\nkernel panic. So, this commit fixes the panic by initializing\ntimer->timer_type using kzalloc instead of kmalloc.\n\nTest commands:\n # iptables -A OUTPUT -j IDLETIMER --timeout 1 --label test\n $ cat /sys/class/xt_idletimer/timers/test\n Killed\n\nSplat looks like:\n BUG: KASAN: user-memory-access in alarm_expires_remaining+0x49/0x70\n Read of size 8 at addr 0000002e8c7bc4c8 by task cat/917\n CPU: 12 PID: 917 Comm: cat Not tainted 5.14.0+ #3 79940a339f71eb14fc81aee1757a20d5bf13eb0e\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n dump_stack_lvl+0x6e/0x9c\n kasan_report.cold+0x112/0x117\n ? alarm_expires_remaining+0x49/0x70\n __asan_load8+0x86/0xb0\n alarm_expires_remaining+0x49/0x70\n idletimer_tg_show+0xe5/0x19b [xt_IDLETIMER 11219304af9316a21bee5ba9d58f76a6b9bccc6d]\n dev_attr_show+0x3c/0x60\n sysfs_kf_seq_show+0x11d/0x1f0\n ? device_remove_bin_file+0x20/0x20\n kernfs_seq_show+0xa4/0xb0\n seq_read_iter+0x29c/0x750\n kernfs_fop_read_iter+0x25a/0x2c0\n ? __fsnotify_parent+0x3d1/0x570\n ? iov_iter_init+0x70/0x90\n new_sync_read+0x2a7/0x3d0\n ? __x64_sys_llseek+0x230/0x230\n ? rw_verify_area+0x81/0x150\n vfs_read+0x17b/0x240\n ksys_read+0xd9/0x180\n ? vfs_write+0x460/0x460\n ? do_syscall_64+0x16/0xc0\n ? lockdep_hardirqs_on+0x79/0x120\n __x64_sys_read+0x43/0x50\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f0cdc819142\n Code: c0 e9 c2 fe ff ff 50 48 8d 3d 3a ca 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\n RSP: 002b:00007fff28eee5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f0cdc819142\n RDX: 0000000000020000 RSI: 00007f0cdc032000 RDI: 0000000000000003\n RBP: 00007f0cdc032000 R08: 00007f0cdc031010 R09: 0000000000000000\n R10: 0000000000000022 R11: 0000000000000246 R12: 00005607e9ee31f0\n R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.76", "versionStartIncluding": "5.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14.15", "versionStartIncluding": "5.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15", "versionStartIncluding": "5.7"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:11:13.363Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47451", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:11:13.363Z", "dateReserved": "2024-05-21T14:58:30.832Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-22T06:19:42.082Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "337EB464-BC23-4BF5-B901-A933B3ABA6A7", "versionEndExcluding": "5.10.76", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "63BD46C4-473F-45F9-93E9-F67D955321D8", "versionEndExcluding": "5.14.15", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*", "matchCriteriaId": "EBD45831-4B79-42BC-ABC0-86870F0DEA89", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value\n\nCurrently, when the rule related to IDLETIMER is added, idletimer_tg timer\nstructure is initialized by kmalloc on executing idletimer_tg_create\nfunction. However, in this process timer->timer_type is not defined to\na specific value. Thus, timer->timer_type has garbage value and it occurs\nkernel panic. So, this commit fixes the panic by initializing\ntimer->timer_type using kzalloc instead of kmalloc.\n\nTest commands:\n # iptables -A OUTPUT -j IDLETIMER --timeout 1 --label test\n $ cat /sys/class/xt_idletimer/timers/test\n Killed\n\nSplat looks like:\n BUG: KASAN: user-memory-access in alarm_expires_remaining+0x49/0x70\n Read of size 8 at addr 0000002e8c7bc4c8 by task cat/917\n CPU: 12 PID: 917 Comm: cat Not tainted 5.14.0+ #3 79940a339f71eb14fc81aee1757a20d5bf13eb0e\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n dump_stack_lvl+0x6e/0x9c\n kasan_report.cold+0x112/0x117\n ? alarm_expires_remaining+0x49/0x70\n __asan_load8+0x86/0xb0\n alarm_expires_remaining+0x49/0x70\n idletimer_tg_show+0xe5/0x19b [xt_IDLETIMER 11219304af9316a21bee5ba9d58f76a6b9bccc6d]\n dev_attr_show+0x3c/0x60\n sysfs_kf_seq_show+0x11d/0x1f0\n ? device_remove_bin_file+0x20/0x20\n kernfs_seq_show+0xa4/0xb0\n seq_read_iter+0x29c/0x750\n kernfs_fop_read_iter+0x25a/0x2c0\n ? __fsnotify_parent+0x3d1/0x570\n ? iov_iter_init+0x70/0x90\n new_sync_read+0x2a7/0x3d0\n ? __x64_sys_llseek+0x230/0x230\n ? rw_verify_area+0x81/0x150\n vfs_read+0x17b/0x240\n ksys_read+0xd9/0x180\n ? vfs_write+0x460/0x460\n ? do_syscall_64+0x16/0xc0\n ? lockdep_hardirqs_on+0x79/0x120\n __x64_sys_read+0x43/0x50\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f0cdc819142\n Code: c0 e9 c2 fe ff ff 50 48 8d 3d 3a ca 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\n RSP: 002b:00007fff28eee5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f0cdc819142\n RDX: 0000000000020000 RSI: 00007f0cdc032000 RDI: 0000000000000003\n RBP: 00007f0cdc032000 R08: 00007f0cdc031010 R09: 0000000000000000\n R10: 0000000000000022 R11: 0000000000000246 R12: 00005607e9ee31f0\n R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: xt_IDLETIMER: corrige el p\u00e1nico que ocurre cuando timer_type tiene valor basura Actualmente, cuando se agrega la regla relacionada con IDLETIMER, kmalloc inicializa la estructura del temporizador idletimer_tg al ejecutar la funci\u00f3n idletimer_tg_create. Sin embargo, en este proceso timer-&gt;timer_type no est\u00e1 definido en un valor espec\u00edfico. Por lo tanto, timer-&gt;timer_type tiene un valor basura y se produce un p\u00e1nico en el kernel. Entonces, esta confirmaci\u00f3n soluciona el p\u00e1nico al inicializar timer-&gt;timer_type usando kzalloc en lugar de kmalloc. Comandos de prueba: # iptables -A OUTPUT -j IDLETIMER --timeout 1 --label test $ cat /sys/class/xt_idletimer/timers/test Killed Splat se ve as\u00ed: ERROR: KASAN: acceso a memoria de usuario en alarm_expires_remaining+0x49/ 0x70 Lectura del tama\u00f1o 8 en la direcci\u00f3n 0000002e8c7bc4c8 por tarea cat/917 CPU: 12 PID: 917 Comm: cat Not tainted 5.14.0+ #3 79940a339f71eb14fc81aee1757a20d5bf13eb0e Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 009), BIOS 1.13.0- 1ubuntu1.1 01/04/2014 Seguimiento de llamadas: dump_stack_lvl+0x6e/0x9c kasan_report.cold+0x112/0x117 ? alarm_expires_remaining+0x49/0x70 __asan_load8+0x86/0xb0 alarm_expires_remaining+0x49/0x70 idletimer_tg_show+0xe5/0x19b [xt_IDLETIMER 11219304af9316a21bee5ba9d58f76a6b9bccc6d] tr_show+0x3c/0x60 sysfs_kf_seq_show+0x11d/0x1f0 ? device_remove_bin_file+0x20/0x20 kernfs_seq_show+0xa4/0xb0 seq_read_iter+0x29c/0x750 kernfs_fop_read_iter+0x25a/0x2c0 ? __fsnotify_parent+0x3d1/0x570? iov_iter_init+0x70/0x90 new_sync_read+0x2a7/0x3d0? __x64_sys_llseek+0x230/0x230 ? rw_verify_area+0x81/0x150 vfs_read+0x17b/0x240 ksys_read+0xd9/0x180 ? vfs_write+0x460/0x460? do_syscall_64+0x16/0xc0? lockdep_hardirqs_on+0x79/0x120 __x64_sys_read+0x43/0x50 do_syscall_64+0x3b/0xc0 Entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f0cdc819142 C\u00f3digo: c0 e9 c2 fe ff ff 50 48 8d 3d 3a ca 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 RSP: :00007fff28eee5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 000000000020000 RCX: 00007f0cdc819142 RDX: 0000000000020000 RSI: 00007f0cdc03200 0 RDI: 0000000000000003 RBP: 00007f0cdc032000 R08: 00007f0cdc031010 R09: 0000000000000000 R10: 0000000000000022 R11: 00000000000000246 R 12: 00005607e9ee31f0 R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000"}], "id": "CVE-2021-47451", "lastModified": "2025-09-24T01:18:15.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-22T07:15:10.220", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a670c323055282c9b72794a491d53cef86bbeaf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cae7cab804c943d723d52724a3aeb07a3f4a2650"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value", "id": "2282907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282907"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-457", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value\nCurrently, when the rule related to IDLETIMER is added, idletimer_tg timer\nstructure is initialized by kmalloc on executing idletimer_tg_create\nfunction. However, in this process timer->timer_type is not defined to\na specific value. Thus, timer->timer_type has garbage value and it occurs\nkernel panic. So, this commit fixes the panic by initializing\ntimer->timer_type using kzalloc instead of kmalloc.\nTest commands:\n# iptables -A OUTPUT -j IDLETIMER --timeout 1 --label test\n$ cat /sys/class/xt_idletimer/timers/test\nKilled\nSplat looks like:\nBUG: KASAN: user-memory-access in alarm_expires_remaining+0x49/0x70\nRead of size 8 at addr 0000002e8c7bc4c8 by task cat/917\nCPU: 12 PID: 917 Comm: cat Not tainted 5.14.0+ #3 79940a339f71eb14fc81aee1757a20d5bf13eb0e\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\ndump_stack_lvl+0x6e/0x9c\nkasan_report.cold+0x112/0x117\n? alarm_expires_remaining+0x49/0x70\n__asan_load8+0x86/0xb0\nalarm_expires_remaining+0x49/0x70\nidletimer_tg_show+0xe5/0x19b [xt_IDLETIMER 11219304af9316a21bee5ba9d58f76a6b9bccc6d]\ndev_attr_show+0x3c/0x60\nsysfs_kf_seq_show+0x11d/0x1f0\n? device_remove_bin_file+0x20/0x20\nkernfs_seq_show+0xa4/0xb0\nseq_read_iter+0x29c/0x750\nkernfs_fop_read_iter+0x25a/0x2c0\n? __fsnotify_parent+0x3d1/0x570\n? iov_iter_init+0x70/0x90\nnew_sync_read+0x2a7/0x3d0\n? __x64_sys_llseek+0x230/0x230\n? rw_verify_area+0x81/0x150\nvfs_read+0x17b/0x240\nksys_read+0xd9/0x180\n? vfs_write+0x460/0x460\n? do_syscall_64+0x16/0xc0\n? lockdep_hardirqs_on+0x79/0x120\n__x64_sys_read+0x43/0x50\ndo_syscall_64+0x3b/0xc0\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f0cdc819142\nCode: c0 e9 c2 fe ff ff 50 48 8d 3d 3a ca 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\nRSP: 002b:00007fff28eee5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f0cdc819142\nRDX: 0000000000020000 RSI: 00007f0cdc032000 RDI: 0000000000000003\nRBP: 00007f0cdc032000 R08: 00007f0cdc031010 R09: 0000000000000000\nR10: 0000000000000022 R11: 0000000000000246 R12: 00005607e9ee31f0\nR13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47451", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47451\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47451\nhttps://lore.kernel.org/linux-cve-announce/2024052242-CVE-2021-47451-72c7@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{"created": "2025-07-12T22:16:08.291776+00:00", "updated": "2025-07-12T22:16:08.291833+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}