PT-2024-11148 · Linux+5 · Linux Kernel+5

Matthias Von Faber

Published

2021-05-22

Updated

2025-01-09

CVE-2021-47069

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition in the Linux kernel's ipc/mqueue, msg, and sem components can cause a crash when a do mq timedreceive call returns and leaves do mq timedsend to rely on an invalid address. The issue occurs when do mq timedreceive calls wq sleep with a stack local address, which is later used by do mq timedsend to call pipelined send. If the receiver wakes up and returns before the sender, the sender may dereference an invalid address, leading to a crash. The vulnerable function is pipelined op(), which should not dereference this after setting STATE READY.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-672

Related Identifiers

ALSA-2024:4211

ALSA-2024:4352

BDU:2025-05320

CESA-2024_4211

CESA-2024_4352

CVE-2021-47069

INFSA-2024_4211

INFSA-2024_4352

OPENSUSE-SU-2024_0857-1

OPENSUSE-SU-2024_1489-1

OPENSUSE-SU-2024_3585-1

RHSA-2024:4211

RHSA-2024:4352

RHSA-2024:5692

RHSA-2024:6206

RHSA-2024_4211

RHSA-2024_4352

RLSA-2024:4211

RLSA-2024:4352

RXSA-2024:4211

SUSE-SU-2024:0856-1

SUSE-SU-2024:0857-1

SUSE-SU-2024:0926-1

SUSE-SU-2024:1454-1

SUSE-SU-2024:1489-1

SUSE-SU-2024:3565-1

SUSE-SU-2024:3585-1

SUSE-SU-2024_3565-1

SUSE-SU-2024_3585-1

Affected Products

Almalinux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11148 · Linux+5 · Linux Kernel+5

CVE-2021-47069

Weakness Enumeration

Related Identifiers

Affected Products

References · 703