PT-2024-8984 · Linux · Linux Kernel

Volodymyr Mytnyk · Published 2024-05-24 · Updated 2025-01-06 · CVE-2021-47564

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.15.0

Description: The issue is a double free in the prestera driver of the Linux kernel that can cause the driver to crash. The problem is specifically in the error path handling of the prestera_bridge_port_join() function. The crash is reported as an internal error with a kernel "Oops" message and involves the prestera_bridge_destroy() function. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the double free in the prestera driver. As a temporary workaround, consider disabling the prestera_bridge_port_join() function until a patch is available. Restrict access to the vulnerable prestera module to minimize the risk of exploitation.

Double Free

Weakness Enumeration

Related Identifiers

BDU:2024-10666
CVE-2021-47564
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse