CVE-2021-47470 : In the Linux kernel, the following vulnerability has been resolved: mm, slub: f

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a use-after-free.

Published 2024-05-22 06:23:28

Updated 2025-01-14 17:33:02

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-47470

Linux » Linux Kernel
Versions from including (>=) 5.14 and before (<) 5.14.15
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC1
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC2
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC3
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC4
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC5
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC6
cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47470

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47470

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2025-01-14
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-47470

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47470

https://git.kernel.org/stable/c/67823a544414def2a36c212abadb55b23bcda00c

mm, slub: fix potential use-after-free in slab_debugfs_fops - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/159d8cfbd0428d487c53be4722f33cdab0d25d83

mm, slub: fix potential use-after-free in slab_debugfs_fops - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47470

Products affected by CVE-2021-47470

Exploit prediction scoring system (EPSS) score for CVE-2021-47470

CVSS scores for CVE-2021-47470

CWE ids for CVE-2021-47470

References for CVE-2021-47470