CVE-2021-47278

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A possible use-after-free issue has been identified in the Linux kernel, specifically in the mhi pci remove() function of the bus: mhi: pci generic driver. The driver's remove path calls del timer(), but this function does not wait until the timer handler finishes, potentially resulting in a use-after-free. This issue is resolved by calling del timer sync(), which ensures the timer handler has finished and cannot re-schedule itself.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.