CVE-2021-47470

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm, slub: fix potential use-after-free in slab_debugfs_fops

When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux64dd68497be76ab4e237cca06f5324e220d0f050 < 159d8cfbd0428d487c53be4722f33cdab0d25d83affected
LinuxLinux64dd68497be76ab4e237cca06f5324e220d0f050 < 67823a544414def2a36c212abadb55b23bcda00caffected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.14.15 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References