CVE-2021-47026

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free problem can occur in the Linux kernel when a session is removed dynamically by the sysfs interface "remove path" that calls the rtrs clt remove path from sysfs function. This function first removes the sysfs interfaces and frees the sess->stats object, and then removes the session from the active list. As a result, some functions may access a non-connected session and the freed sess->stats object, even if they check the session status before accessing the session. For example, rtrs clt request and get next path min inflight check the session status and try to send IO to the session, but the session status could be changed while they are trying to send IO, generating a use-after-free problem. The patch changes the rtrs clt remove path from sysfs to remove the session from the active session list and then destroy the sysfs interfaces.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.