vulnerability

Debian: CVE-2021-47294: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	2024-05-21	2024-07-30	2025-02-20

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

2024-05-21

Added

2024-07-30

Modified

2025-02-20

Description

In the Linux kernel, the following vulnerability has been resolved:

netrom: Decrease sock refcount when sock timers expire

Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use
sock timer API. It replaces mod_timer() by sk_reset_timer(), and
del_timer() by sk_stop_timer().

Function sk_reset_timer() will increase the refcount of sock if it is
called on an inactive timer, hence, in case the timer expires, we need to
decrease the refcount ourselves in the handler, otherwise, the sock
refcount will be unbalanced and the sock will never be freed.

Solution

debian-upgrade-linux

References

CVE-2021-47294
https://attackerkb.com/topics/CVE-2021-47294

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today