CVE-2021-47505

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.18

Description: The vulnerability is related to a use-after-free error in the Linux kernel's aio component. This error occurs when the aio poll wake() function is called and the POLLFREE notification is not handled properly, allowing a use-after-free to occur if a signalfd or binder fd is polled with aio poll and the waitqueue gets freed. The issue is caused by the fact that aio poll does not handle POLLFREE notifications, unlike eventpoll. To fix this, a patch was applied to make aio poll handle POLLFREE in a deadlock-free way, taking advantage of the fact that freeing of the waitqueue is RCU-delayed.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the use-after-free error in the aio component. Specifically, update to a version later than 4.18.

Note: The provided input descriptions do not mention specific fixed versions or patchdays, so the recommendation is based on the information that the vulnerability was introduced in kernel v4.18.