PT-2024-11445 · Linux+2 · Linux Kernel+2

Juhee Kang

Published

2021-10-04

Updated

2024-06-25

CVE-2021-47451

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0

Description The vulnerability occurs when the rule related to IDLETIMER is added, and the idletimer tg timer structure is initialized by kmalloc on executing the idletimer tg create function. However, in this process, timer->timer type is not defined to a specific value, resulting in a garbage value and kernel panic. The issue is resolved by initializing timer->timer type using kzalloc instead of kmalloc.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. Specifically, for Linux kernel versions prior to 5.14.0, update to version 5.14.0 or later. As a temporary workaround, consider disabling the IDLETIMER module until a patch is available.

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-457

Related Identifiers

BDU:2025-14236

CVE-2021-47451

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11445 · Linux+2 · Linux Kernel+2

CVE-2021-47451

Weakness Enumeration

Related Identifiers

Affected Products

References · 1429