PT-2024-8909 · Linux+3 · Linux Kernel+3

Syzbot · Published 2024-05-24 · Updated 2025-01-06 · CVE-2021-47512

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc4-syzkaller
Description: The vulnerability is in the fq_pie component of the Linux kernel, a queueing discipline (qdisc) that manages network traffic. The fq_pie_destroy() function did not properly copy the working code from pie_destroy() and other qdiscs, which led to an elusive bug: del_timer_sync() was called without first ensuring that the timer would not rearm itself. The bug can cause a denial-of-service (DoS) condition, allowing an attacker to disrupt network services.
Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the fq_pie vulnerability. Specifically, versions 5.16.0-rc4-syzkaller and later should be used. As a temporary workaround, consider disabling the fq_pie component until a patch is available. However, this may impact network performance and should be carefully evaluated before implementation.
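
A check to support the workaround above, as an added example that is not part of the original advisory: it lists the interfaces that have an fq_pie qdisc attached, based on `tc qdisc show` output, and tests whether the `sch_fq_pie` module is loaded. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: find where the fq_pie qdisc is in use on a host.

# Reads `tc qdisc show` text on stdin and prints "<device> <handle>"
# for every fq_pie qdisc (root or child). Matches the qdisc kind
# exactly, so plain "pie" and "fq_codel" are not reported.
fq_pie_devices() {
    awk '$1 == "qdisc" && $2 == "fq_pie" {
        dev = "?"
        for (i = 4; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        print dev, $3
    }'
}

# Reads /proc/modules-format text on stdin; exit status 0 if the
# sch_fq_pie module is loaded. A kernel with fq_pie built in does not
# list it here, so an empty result does not prove fq_pie is unavailable.
fq_pie_module_loaded() {
    awk '$1 == "sch_fq_pie" { found = 1 } END { exit !found }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_TC='qdisc noqueue 0: dev lo root refcnt 2
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024
qdisc fq_pie 8001: dev eth1 root refcnt 2 limit 10240p flows 1024 target 15ms tupdate 16ms
qdisc pie 8002: dev eth2 root refcnt 2 limit 1000p target 15ms tupdate 16ms
qdisc fq_pie 8003: dev eth3 parent 1:10 limit 10240p flows 1024'

SAMPLE_MODULES='sch_fq_pie 20480 2 - Live 0x0000000000000000
sch_fq_codel 20480 1 - Live 0x0000000000000000'

echo "Interfaces using fq_pie (sample data):"
printf '%s\n' "$SAMPLE_TC" | fq_pie_devices

if printf '%s\n' "$SAMPLE_MODULES" | fq_pie_module_loaded; then
    echo "sch_fq_pie module is loaded (sample data)"
fi
```

On a live system, feed the functions real data with `tc qdisc show | fq_pie_devices` and `fq_pie_module_loaded < /proc/modules`.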


Related Identifiers

BDU:2024-10576
CVE-2021-47512
OPENSUSE-SU-2024_2185-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse