Linux · Linux Kernel · CVE-2021-47564
Name of the Vulnerable Software and Affected Versions:
Linux kernel version 5.15.0
Description:
The issue is a double free in the prestera driver of the Linux kernel, which can cause the driver to crash. The defect is in the error-path handling of the `prestera_bridge_port_join()` function. The crash is reported as a kernel internal error (an "Oops" message) and involves the `prestera_bridge_destroy()` function. The estimated number of potentially affected devices and details about real-world incidents are not provided.
Recommendations:
To resolve the issue, update the Linux kernel to a version that includes the fix for the double free issue in the prestera driver.
As a temporary workaround, consider disabling the `prestera_bridge_port_join()` function until a patch is available.
Restrict access to the vulnerable `prestera` module to minimize the risk of exploitation.