CVE-2021-47646

EPSS 0.04%
Veröffentlicht 26.02.2025 06:37:06
Zuletzt bearbeitet 24.03.2025 17:46:46
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Revert "Revert "block, bfq: honor already-setup queue merges""

A crash [1] happened to be triggered in conjunction with commit
2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The
latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq:
honor already-setup queue merges""). Yet, the reverted commit was not
the one introducing the bug. In fact, it actually triggered a UAF
introduced by a different commit, and now fixed by commit d29bd41428cf
("block, bfq: reset last_bfqq_created on group change").

So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq:
honor already-setup queue merges") out. This commit restores it.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.19.238

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.189

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.110

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.33

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.19

Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/15729ff8143f8135b03988a100a19e66d7cb7ecd

Patch

https://git.kernel.org/stable/c/4083925bd6dc89216d156474a8076feec904e607

Patch

https://git.kernel.org/stable/c/65d8a737452e88f251fe5d925371de6d606df613

Patch

https://git.kernel.org/stable/c/931aff627469a75c77b9fd3823146d0575afffd6

Patch

https://git.kernel.org/stable/c/abc2129e646af7b43025d90a071f83043f1ae76c

Patch

https://git.kernel.org/stable/c/cc051f497eac9d8a0d816cd4bffa3415f2724871

Patch