The vulnerability occurs in the `wdt_startup()` function of the watchdog module, specifically in its remove path. The issue arises because the `del_timer()` function is called without waiting for the timer handler to finish executing. This can lead to a use-after-free scenario, where the timer handler may still be running after the driver's remove function has completed, resulting in an attempt to access already freed memory.
The problem is resolved by replacing `del_timer()` with `del_timer_sync()`, which ensures that the timer handler has finished executing before returning. This prevents the possibility of a use-after-free scenario.
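The difference between the two calls can be shown with a userspace model; this is an added example, not code from the kernel driver or the CVE report. A pthread stands in for the timer handler, the names `model_dev`, `timer_handler` and `run_remove` are hypothetical, and no memory is actually freed: a flag records whether the handler ran after the remove path had released its state.

```c
/* Userspace model, constructed for illustration: a pthread plays the timer handler. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <time.h>

struct model_dev {
    pthread_t handler;          /* stands in for the timer callback context */
    atomic_int handler_running; /* handler has started executing */
    atomic_int freed;           /* remove path has released driver state */
    atomic_int touched_freed;   /* handler reached freed state: the UAF condition */
};

static void *timer_handler(void *arg)
{
    struct model_dev *d = arg;
    clock_t end;

    atomic_store(&d->handler_running, 1);
    end = clock() + CLOCKS_PER_SEC / 10;   /* stay busy for ~100 ms of CPU time */
    while (clock() < end)
        ;
    if (atomic_load(&d->freed))            /* a real handler would dereference here */
        atomic_store(&d->touched_freed, 1);
    return NULL;
}

/* sync == 0 models del_timer(): returns without waiting for a running handler.
 * sync == 1 models del_timer_sync(): returns only after the handler has finished.
 * Returns 1 if the handler ran against state the remove path had already released. */
static int run_remove(int sync)
{
    struct model_dev d = {0};

    pthread_create(&d.handler, NULL, timer_handler, &d);
    while (!atomic_load(&d.handler_running))
        ;                                  /* remove races with a running handler */
    if (sync)
        pthread_join(d.handler, NULL);     /* the wait del_timer_sync() provides */
    atomic_store(&d.freed, 1);             /* remove path releases resources */
    if (!sync)
        pthread_join(d.handler, NULL);     /* model only: collect the handler result */
    return atomic_load(&d.touched_freed);
}

int main(void)
{
    printf("del_timer model:      handler touched freed state = %d\n", run_remove(0));
    printf("del_timer_sync model: handler touched freed state = %d\n", run_remove(1));
    return 0;
}
```

Build with `cc -pthread`; the first line reports 1 and the second 0, because only the synchronous variant orders the release after the handler's exit.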
The affected file is `drivers/watchdog/sbc60xxwdt.c`. The vulnerability was fixed in various kernel versions, including 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.134, 5.10.52, 5.12.19, and 5.13.4, with the corresponding commits provided in the CVE report.