PT-2024-11372 · Linux+2 · Linux Kernel+2

Zhihao Cheng

·

Published

2021-09-24

·

Updated

2024-10-27

·

CVE-2021-47375

CVSS v3.1

6.2

Medium

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is an use-after-free problem in the Linux kernel's blktrace functionality. This problem is triggered by a specific process involving the removal of a block trace by sysfs, followed by the access of the removed trace. The vulnerability can be reproduced by using the ioctl function on /dev/sda and /dev/sdb with specific parameters, and then removing the block trace while it is still being accessed. The vulnerability results in a kernel NULL pointer dereference.
Technical details about exploitation include:
  • API Endpoints: The ioctl function is used with the following endpoints: /dev/sda and /dev/sdb.
  • Vulnerable Parameters or Variables: The buf size variable in the blk user trace setup function is set to 127.
  • Function Names: The vulnerability involves the blk trace remove queue, synchronize rcu, blk trace free, relay close, rcu read lock, blk add trace, trace note tsk, relay close buf, relay destroy buf, kfree, trace note, and relay reserve functions.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-07512
CVE-2021-47375
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Suse