CVE-2021-47552

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0

Description: The vulnerability is related to the blk-mq component of the Linux kernel, which can cause a kernel NULL pointer dereference when the scsi device is freed before running blk release queue(). This issue can lead to a denial of service. The vulnerability is caused by the fact that the blk-mq dispatch work is not properly canceled in both blk cleanup queue and disk release.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the blk-mq dispatch work is properly canceled in both blk cleanup queue and disk release. As a temporary workaround, consider disabling the blk mq quiesce queue() function until a patch is available. However, this workaround may have performance implications and should be used with caution.

Note: The provided information does not include specific details about the number of potentially affected devices or real-world incidents where this issue was exploited.