| **CVE-2021-47100: Use-after-free vulnerability in IPMI driver** |
| |
| A use-after-free vulnerability has been identified in the IPMI (Intelligent Platform Management Interface) driver in the Linux kernel. It is triggered when the `ipmi_si` and `ipmi_msghandler` modules are unloaded, and it leads to a system crash. |
| |
| The issue is a race condition between the `ipmi_unregister_smi()` function, which schedules work to clean up BMC (Baseboard Management Controller) devices, and the unloading of the `ipmi_msghandler` module. When the `ipmi_msghandler` module is unloaded, it frees the memory allocated for the `bmc_device_type` structure, which is still referenced by the `cleanup_bmc_work()` function. If that scheduled work runs after the unload, it touches freed memory, and the resulting use-after-free crashes the system. |
| |
| The vulnerability was introduced in kernel version 4.15 and has been fixed in various kernel versions, including 4.19.223, 5.4.169, 5.10.89, 5.15.12, and 5.16. The affected file is `drivers/char/ipmi/ipmi_msghandler.c`. To mitigate this issue, users should update to the latest stable kernel version. |
| |
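
A triage check built from the version boundaries and module names above, as an added example that is not part of the original advisory. The function names and verdict strings are this example's own, and the comparison assumes upstream stable version numbering, so distribution kernels with backported fixes need the vendor's advisory instead.

```shell
#!/bin/sh
# Added example, not from the advisory: triage a host for CVE-2021-47100
# using only the version boundaries and module names the page gives.
# Assumption: upstream version numbers; distro kernels may backport the fix.

# Print a verdict for a kernel release string such as the output of `uname -r`.
cve_2021_47100_status() {
    case $1 in *-rc*) echo unknown; return 0 ;; esac   # pre-release: fix may be absent
    rel=${1%%[-+]*}                    # drop suffixes such as "-generic"
    case $rel in *.*) ;; *) echo unknown; return 0 ;; esac
    maj=${rel%%.*}
    rest=${rel#*.}
    min=${rest%%.*}
    case $rest in
        *.*) pat=${rest#*.}; pat=${pat%%.*} ;;
        *)   pat=0 ;;                  # "5.16" means 5.16.0
    esac
    for part in "$maj" "$min" "$pat"; do
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    # Introduced in 4.15: anything older predates the bug.
    if [ "$maj" -lt 4 ] || { [ "$maj" -eq 4 ] && [ "$min" -lt 15 ]; }; then
        echo not-affected; return 0
    fi
    # Fixed in 5.16 and everything after it.
    if [ "$maj" -gt 5 ] || { [ "$maj" -eq 5 ] && [ "$min" -ge 16 ]; }; then
        echo fixed; return 0
    fi
    # Stable branches for which the advisory lists a fixed release.
    case "$maj.$min" in
        4.19) fix=223 ;;
        5.4)  fix=169 ;;
        5.10) fix=89 ;;
        5.15) fix=12 ;;
        *)    echo no-fix-listed; return 0 ;;
    esac
    if [ "$pat" -ge "$fix" ]; then echo fixed; else echo affected; fi
}

# Succeed if either module named in the advisory appears in a
# /proc/modules-style file (defaults to /proc/modules).
ipmi_modules_loaded() {
    grep -Eq '^(ipmi_si|ipmi_msghandler) ' "${1:-/proc/modules}"
}
```

Run `cve_2021_47100_status "$(uname -r)"` and `ipmi_modules_loaded` on the host. A verdict of `no-fix-listed` means the release is at or past 4.15 on a branch for which the advisory names no fixed version.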