PT-2024-11462 · Linux+6 · Linux Kernel+6

Zheyu Ma

Published

2021-10-09

Updated

2024-09-17

CVE-2021-47468

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel has a vulnerability where the driver can call the card->isac.release() function from an atomic context. This issue is fixed by calling the function after releasing the lock. The vulnerability is related to a sleeping function being called from an invalid context.

Technical details about exploitation include:

The card->isac.release() function is called from an atomic context.
The nj release() function is involved in the call trace.
The issue is related to the mISDN freedchannel() and isac release() functions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

BDU:2025-14562

CESA-2024_5101

CESA-2024_5102

CVE-2021-47468

INFSA-2024_5101

INFSA-2024_5102

OESA-2024-1736

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:5692

RHSA-2024:6993

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2940-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11462 · Linux+6 · Linux Kernel+6

CVE-2021-47468

Weakness Enumeration

Related Identifiers

Affected Products

References · 2289