PT-2024-11170 · Linux · Linux Kernel

Mark Rutland

·

Published

2021-06-05

·

Updated

2025-02-27

·

CVE-2021-47118

CVSS v3.1

7.8

High

Vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13-rc3
Description: The vulnerability concerns the initialization of cad_pid, the kernel's pointer to the struct pid that receives the Ctrl-Alt-Del signal. During boot, kernel_init_freeable() points cad_pid at the init task's struct pid without taking a reference on it. Later, when cad_pid is changed through the kernel.cad_pid sysctl, proc_do_cad_pid() takes a reference on the new pid with get_pid() and drops a reference on the old pid with put_pid(). Because get_pid() was never called when cad_pid was initialized, that put_pid() drops a reference that was never taken, so the init task's struct pid can be freed while the init task (and anything else holding a pointer to it) still uses it. The resulting dangling references lead to a use-after-free when signals are delivered through that struct pid, and any later put_pid() on it becomes a double free.
Recommendations: Take a reference on the init task's struct pid when assigning it to cad_pid, that is, wrap the assignment in kernel_init_freeable() in get_pid() so that the put_pid() later performed by proc_do_cad_pid() balances a reference that was actually taken. Install the fixed kernel from your distribution (see the Related Identifiers below).
Note: The source does not state the exact vulnerable or fixed versions. From the information given, versions prior to 5.13-rc3 appear to be affected; distribution kernels received the fix as a backport through the advisories listed under Related Identifiers.
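To make the reference-count imbalance concrete, here is a userspace model of the sequence the description walks through: boot assigns cad_pid, a write to the kernel.cad_pid sysctl swaps it, and the stale reference is then dropped. This is an added example and not the kernel's code. struct pid, get_pid(), put_pid(), kernel_init_freeable() (here boot()) and proc_do_cad_pid() are named after their kernel counterparts but are simplified stand-ins; the model versions take an extra bookkeeping argument the kernel functions do not have, and the daemon pid, the refcount values and the freed flag are constructed for the model. The same model is run once with the bug (no reference taken) and once with the fix (get_pid() taken at boot).

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's struct pid. */
struct pid {
	int refcount;   /* kernel: refcount_t count */
	int freed;      /* model only: 1 once the object would have been freed */
};

/* The objects the scenario touches, plus counters for the two failure modes. */
struct model {
	struct pid init_struct_pid;  /* the init task's struct pid */
	struct pid daemon_pid;       /* constructed: a daemon later made the C-A-D target */
	struct pid *cad_pid;         /* the global that the sysctl rewrites */
	int uaf;                     /* uses of an already-freed struct pid */
	int double_free;             /* put_pid() on an already-freed struct pid */
};

/* Model of get_pid(): take one reference. The model argument is bookkeeping
 * only; the kernel's get_pid()/put_pid() take just the struct pid. */
static struct pid *get_pid(struct model *m, struct pid *p)
{
	if (!p)
		return NULL;
	if (p->freed)
		m->uaf++;
	else
		p->refcount++;
	return p;
}

/* Model of put_pid(): drop one reference, free at zero. */
static void put_pid(struct model *m, struct pid *p)
{
	if (!p)
		return;
	if (p->freed)
		m->double_free++;
	else if (--p->refcount == 0)
		p->freed = 1;   /* kernel: object returned to the slab via RCU */
}

/* Model of kernel_init_freeable(): the init task already holds one reference
 * on its own struct pid, then cad_pid is pointed at it. fixed == 0 reproduces
 * the bug (no reference taken), fixed == 1 the fix (get_pid() taken). */
static void boot(struct model *m, int fixed)
{
	memset(m, 0, sizeof(*m));
	m->init_struct_pid.refcount = 1;
	m->daemon_pid.refcount = 1;
	m->cad_pid = fixed ? get_pid(m, &m->init_struct_pid) : &m->init_struct_pid;
}

/* Model of proc_do_cad_pid(), the kernel.cad_pid sysctl handler: reference
 * the new target, then drop the reference cad_pid was assumed to hold. */
static void proc_do_cad_pid(struct model *m, struct pid *new_pid)
{
	struct pid *old = m->cad_pid;

	m->cad_pid = get_pid(m, new_pid);
	put_pid(m, old);
}

/* Boot, rewrite cad_pid through the sysctl, deliver a signal that resolves
 * pid 1 through the struct pid the init task still points at, then let the
 * init task drop its own reference. Returns 1 if init's struct pid was still
 * alive after the sysctl write, 0 if it had already been freed. */
static int run(struct model *m, int fixed)
{
	int alive;

	boot(m, fixed);
	proc_do_cad_pid(m, &m->daemon_pid);
	alive = !m->init_struct_pid.freed;
	if (m->init_struct_pid.freed)
		m->uaf++;                        /* signal delivery walks freed memory */
	put_pid(m, &m->init_struct_pid);         /* init's own reference, dropped last */
	return alive;
}

/* One outcome per call, for checking a whole scenario. */
static int init_pid_survives(int fixed) { struct model m; return run(&m, fixed); }
static int uaf_events(int fixed) { struct model m; run(&m, fixed); return m.uaf; }
static int double_free_events(int fixed) { struct model m; run(&m, fixed); return m.double_free; }

int main(void)
{
	int fixed;

	for (fixed = 0; fixed <= 1; fixed++)
		printf("%s: init struct pid %s after sysctl write, uaf=%d, double_free=%d\n",
		       fixed ? "fixed     " : "vulnerable",
		       init_pid_survives(fixed) ? "alive" : "freed",
		       uaf_events(fixed), double_free_events(fixed));
	return 0;
}
```

Build with `cc -Wall -o cad_pid_model cad_pid_model.c` and run it: the vulnerable run reports the init task's struct pid freed by the sysctl write, one use-after-free on the following signal delivery and one double free when the init task drops its own reference, while the fixed run reports it alive with neither. The only difference between the two runs is the single get_pid() at boot, which is exactly the change the recommendation above describes.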

Weakness Enumeration

Use After Free
Double Free

Related Identifiers

ALSA-2024:3618
ALSA-2024:3627
BDU:2025-03651
CESA-2024_3618
CESA-2024_3627
CVE-2021-47118
INFSA-2024_3618
INFSA-2024_3627
OPENSUSE-SU-2024_1489-1
RHSA-2024:3618
RHSA-2024:3627
RHSA-2024_3618
RHSA-2024_3627
RLSA-2024:3618
RLSA-2024:3627
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
USN-7183-1
USN-7184-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
Rocky Linux
SUSE
Ubuntu