CVE-2021-47209

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free error in the Linux kernel's sched/fair component. This error occurs when the unregister fair sched group() function unlinks all cfs rqs from a dying task group without protecting itself from interruptions. If a timer interrupt triggers during this process, the sched cfs period timer() function may execute and attempt to unthrottle cfs rqs, leading to a situation where these cfs rqs are freed while still being linked. This can result in a crash or potentially allow an attacker to elevate privileges in the system. The root cause of the issue is the tg unthrottle up() function being called via sched cfs period timer() at an inconvenient time.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.