In the Linux kernel, the following vulnerability has been resolved:

io-wq: check for wq exit after adding new worker task_work

We check IO_WQ_BIT_EXIT before attempting to create a new worker, and
wq exit cancels pending work if we have any. But it's possible to have
a race between the two, where creation checks exit finding it not set,
but we're in the process of exiting. The exit side will cancel pending
creation task_work, but there's a gap where we add task_work after we've
canceled existing creations at exit time.

Fix this by checking the EXIT bit post adding the creation task_work.
If it's set, run the same cancelation that exit does.
History

Fri, 20 Dec 2024 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T07:14:03.183Z

Reserved: 2024-05-24T15:11:00.730Z

Link: CVE-2021-47577

cve-icon Vulnrichment

Updated: 2024-08-04T05:39:59.773Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-19T15:15:52.223

Modified: 2024-11-21T06:36:35.300

Link: CVE-2021-47577

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2021-47577 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T21:07:12Z