PT-2024-8906 · Linux+3 · Linux Kernel+3

Antoine Tenart

+1

·

Published

2024-05-24

·

Updated

2025-04-14

·

CVE-2021-47517

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-rc6+
Description: The issue is related to the ethtool component of the Linux kernel, where there is a short period between a net device starting to be unregistered and when it is actually gone, during which ethtool operations could still be performed, potentially leading to unwanted or undefined behaviors. This could result in NULL pointer exceptions and use-after-free errors. For example, adding Tx queues after unregistering a net device could lead to such errors.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the patch for this vulnerability. As a temporary workaround, consider disabling ethtool operations on net devices that are being unregistered to minimize the risk of exploitation. Restrict access to the netlink part of the ethtool component, as the ioctl part is not affected by this issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-10573
CVE-2021-47517
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
OPENSUSE-SU-2024_4120-1
OPENSUSE-SU-2024_4122-1
OPENSUSE-SU-2024_4123-1
OPENSUSE-SU-2024_4124-1
OPENSUSE-SU-2024_4125-1
OPENSUSE-SU-2024_4127-1
OPENSUSE-SU-2024_4128-1
OPENSUSE-SU-2024_4141-1
OPENSUSE-SU-2024_4160-1
OPENSUSE-SU-2024_4206-1
OPENSUSE-SU-2024_4207-1
OPENSUSE-SU-2024_4214-1
OPENSUSE-SU-2024_4216-1
OPENSUSE-SU-2024_4218-1
OPENSUSE-SU-2024_4220-1
OPENSUSE-SU-2024_4227-1
OPENSUSE-SU-2024_4228-1
OPENSUSE-SU-2024_4240-1
OPENSUSE-SU-2024_4243-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0138-1
OPENSUSE-SU-2025_0146-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0164-1
OPENSUSE-SU-2025_0181-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0254-1
OPENSUSE-SU-2025_0260-1
OPENSUSE-SU-2025_0266-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3483-1
SUSE-SU-2024:4120-1
SUSE-SU-2024:4122-1
SUSE-SU-2024:4123-1
SUSE-SU-2024:4124-1
SUSE-SU-2024:4125-1
SUSE-SU-2024:4127-1
SUSE-SU-2024:4128-1
SUSE-SU-2024:4141-1
SUSE-SU-2024:4160-1
SUSE-SU-2024:4206-1
SUSE-SU-2024:4207-1
SUSE-SU-2024:4214-1
SUSE-SU-2024:4216-1
SUSE-SU-2024:4218-1
SUSE-SU-2024:4220-1
SUSE-SU-2024:4227-1
SUSE-SU-2024:4228-1
SUSE-SU-2024:4240-1
SUSE-SU-2024:4243-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0138-1
SUSE-SU-2025:0146-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0164-1
SUSE-SU-2025:0181-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0254-1
SUSE-SU-2025:0260-1
SUSE-SU-2025:0266-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1241-1
SUSE-SU-2025_1241-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse