PT-2024-11423 · Linux+2 · Linux Kernel+2

Mike Christie

Published

2021-10-04

Updated

2024-12-31

CVE-2021-47427

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel, specifically in the scsi: iscsi component. The issue arises from a use-after-free error in the iscsi task due to changes in abort handling. The commit d39df158518c introduced iscsi get conn() and iscsi put conn() calls during abort handling but also altered the handling of already completed tasks, leading to the iscsi task use after free. This occurs because the common cleanup code performs a put on the iscsi task. The fix reverts the goto and moves the iscsi get conn() call to after the check for iscsi task validity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-07466

CVE-2021-47427

OESA-2024-1692

OESA-2024-1694

OESA-2024-1768

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11423 · Linux+2 · Linux Kernel+2

CVE-2021-47427

Weakness Enumeration

Related Identifiers

Affected Products

References · 1390