PT-2024-11288 · Linux+6 · Linux Kernel+6

Zheyu Ma · Published 2021-05-17 · Updated 2024-09-17 · CVE-2021-47284

CVSS v3.1: 4.7 Medium

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.13.0-rc1-00144-g25a1298726e #13

Description

A vulnerability in the isdn: mISDN: netjet module of the Linux kernel has been resolved. The issue arises when 'nj_setup' in netjet.c fails with -EIO while 'card->irq' is already initialized with a value greater than zero. A subsequent call to 'nj_release' then attempts to free an irq that was never requested, leading to a crash, as the KASAN log reveals. The functions involved are 'free_irq' and 'nj_release'.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. The fix deletes the earlier assignment to 'card->irq' and keeps only the assignment before 'request_irq'. As a temporary workaround, consider disabling the nj_setup function in netjet.c until a patch is available.
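The error path described above, as an added userspace model (not the kernel's netjet.c code). Every name here is a hypothetical stand-in, and the 'irq > 0' check in the release path is an assumption inferred from the description. The model counts frees of an interrupt line that was never requested, with and without the early assignment that the fix deletes.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model. All names are hypothetical stand-ins, not kernel code. */
struct card { int irq; };
static int irq_requested[32];  /* lines that currently have a handler */
static int bad_frees;          /* frees of a line that was never requested */

static int model_request_irq(int irq) { irq_requested[irq] = 1; return 0; }

static void model_free_irq(int irq)
{
    if (!irq_requested[irq]) { bad_frees++; return; } /* the kernel crashes here */
    irq_requested[irq] = 0;
}

/* Release path: assumes irq > 0 means "this IRQ was requested". */
static void model_release(struct card *c)
{
    if (c->irq > 0)
        model_free_irq(c->irq);
}

/* Probe then tear down; returns how many invalid frees the run produced. */
static int model_probe(int pdev_irq, int setup_ok, int fixed)
{
    struct card c = { 0 };
    int err;

    bad_frees = 0;
    if (!fixed)
        c.irq = pdev_irq;              /* early assignment the fix deletes */
    err = setup_ok ? 0 : -EIO;         /* setup step failing with -EIO */
    if (!err) {
        c.irq = pdev_irq;              /* assignment kept, right before the request */
        err = model_request_irq(c.irq);
    }
    model_release(&c);                 /* error path and normal teardown share this */
    return bad_frees;
}

int main(void)
{
    printf("unfixed, setup fails: %d invalid free(s)\n", model_probe(11, 0, 0));
    printf("fixed,   setup fails: %d invalid free(s)\n", model_probe(11, 0, 1));
    printf("fixed,   setup ok:    %d invalid free(s)\n", model_probe(11, 1, 1));
    return 0;
}
```

With the early assignment removed, the irq field stays zero until just before the request, so a failed setup leaves nothing for the release path to free.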

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
BDU:2025-07408
CESA-2024_5101
CESA-2024_5102
CVE-2021-47284
INFSA-2024_5101
INFSA-2024_5102
OESA-2024-1677
OESA-2024-1678
OPENSUSE-SU-2024_2185-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2185-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
Rocky Linux
SUSE