PT-2021-8141 · Linux+3 · Linux Kernel+3

Wu Bo · Published 2021-12-21 · Updated 2025-06-18 · CVE-2021-47100

CVSS v2.0: 6.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 4.18.0.x86_64 #46 and #47

Description

The vulnerability in the Linux kernel is related to a use-after-free (UAF) issue when uninstalling the ipmi_si and ipmi_msghandler modules. This can cause the system to crash. The issue arises from the sequence of events involving the removal of these modules, specifically through the functions ipmi_unregister_smi(), ipmi_bmc_unregister(), and the scheduling of work for the removal of the BMC device. The vulnerability can potentially be exploited to elevate privileges in the system.

Recommendations

To resolve this issue, ensure that your Linux kernel is updated to a version that includes the fix for this vulnerability. Specifically, for versions 4.18.0.x86_64 #46 and #47, update to a newer version of the Linux kernel where this issue has been addressed. If you are using a version prior to the fixed version, consider temporarily disabling the use of the ipmi_si and ipmi_msghandler modules until an update can be applied.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2024-08410
CVE-2021-47100
OESA-2024-1535
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1489-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
SUSE-SU-2025:01995-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse