The vulnerability CVE-2021-47124 is a reference counting issue in the io_uring subsystem of the Linux kernel. Specifically, the `io_link_timeout_fn()` function puts two references to the linked timeout request when it should only put one. This occurs due to a race condition with the master request's completion, where `io_req_complete()` puts one reference and then `io_put_req_deferred()` is called.

This issue leads to an incorrect reference count, which can cause unexpected behavior or crashes in the kernel. The vulnerability was introduced in Linux kernel version 5.10.26 with commit 1c20e9040f49 and fixed in various subsequent versions, including 5.10.43, 5.10.55, 5.12.10, 5.12.19, and 5.13.

The affected file is `fs/io_uring.c`, which is part of the io_uring subsystem responsible for asynchronous I/O operations. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone but rather as part of a larger kernel release.
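
The double put described above can be modelled in userspace to show why one extra put is enough to unbalance the count. This is an added example, not kernel source or the upstream fix: `struct req`, `req_put()`, `timeout_fn_buggy()`, `timeout_fn_fixed()` and `simulate()` are hypothetical names, and the starting count of two (one reference for the timer, one for another holder) is an assumption made for the model.

```c
/* Userspace model of a double put; illustrative only, not fs/io_uring.c. */
#include <stdbool.h>
#include <stdio.h>

enum { PREMATURE_FREE = 1, UNDERFLOW = 2 };

struct req {
    int  refs;       /* references currently held on the request */
    bool freed;      /* set when the count reaches zero */
    bool underflow;  /* set when a put arrives with no reference left */
};

/* Checked put: refuses to go below zero and records the imbalance,
 * similar in spirit to a saturating reference counter. */
static void req_put(struct req *r)
{
    if (r->refs == 0) { r->underflow = true; return; }
    if (--r->refs == 0) r->freed = true;
}

/* Completing the request drops one reference. */
static void req_complete(struct req *r) { req_put(r); }

/* Buggy handler: completion already dropped a reference, then a second put follows. */
static void timeout_fn_buggy(struct req *r) { req_complete(r); req_put(r); }

/* Balanced handler: exactly one reference dropped per invocation. */
static void timeout_fn_fixed(struct req *r) { req_complete(r); }

/* Returns a bitmask of PREMATURE_FREE / UNDERFLOW, or 0 when the count balances. */
static int simulate(bool buggy)
{
    struct req r = { .refs = 2 };  /* assumed: timer ref + one other holder */
    int result = 0;

    if (buggy) timeout_fn_buggy(&r); else timeout_fn_fixed(&r);
    if (r.freed) result |= PREMATURE_FREE;  /* other holder has not released yet */
    req_put(&r);                            /* other holder releases its reference */
    if (r.underflow) result |= UNDERFLOW;
    return result;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", simulate(true), simulate(false));
    return 0;
}
```

In the model the buggy handler frees the request while another holder still owns a reference, and that holder's later put hits a zero count; the balanced handler produces neither condition.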