PT-2024-11295 · Linux+3 · Linux Kernel+3

Published

2021-07-18

Updated

2025-11-10

CVE-2021-47294

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the netrom protocol in the Linux kernel, where the sock refcount is not properly decreased when sock timers expire. This can lead to an unbalanced sock refcount, causing the sock to never be freed. The problem arises from the use of the sock timer API, which replaces mod timer() with sk reset timer() and del timer() with sk stop timer(). When sk reset timer() is called on an inactive timer, it increases the refcount of sock, and if the timer expires, the refcount needs to be decreased manually in the handler to avoid the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-672

Related Identifiers

BDU:2025-14611

CVE-2021-47294

OESA-2024-1705

SUSE-SU-2024:2360-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2561-1

USN-7863-1

USN-7865-1

Affected Products

Astra Linux

Linux Kernel

Suse

Ubuntu

PT-2024-11295 · Linux+3 · Linux Kernel+3

CVE-2021-47294

Weakness Enumeration

Related Identifiers

Affected Products

References · 475