| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix link timeout refs\n\nWARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28\nRIP: 0010:refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28\nCall Trace:\n __refcount_sub_and_test include/linux/refcount.h:283 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n io_put_req fs/io_uring.c:2140 [inline]\n io_queue_linked_timeout fs/io_uring.c:6300 [inline]\n __io_queue_sqe+0xbef/0xec0 fs/io_uring.c:6354\n io_submit_sqe fs/io_uring.c:6534 [inline]\n io_submit_sqes+0x2bbd/0x7c50 fs/io_uring.c:6660\n __do_sys_io_uring_enter fs/io_uring.c:9240 [inline]\n __se_sys_io_uring_enter+0x256/0x1d60 fs/io_uring.c:9182\n\nio_link_timeout_fn() should put only one reference of the linked timeout\nrequest, however in case of racing with the master request's completion\nfirst io_req_complete() puts one and then io_put_req_deferred() is\ncalled." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/io_uring.c" |
| ], |
| "versions": [ |
| { |
| "version": "1c20e9040f49687ba2ccc2ffd4411351a6c2ebff", |
| "lessThan": "0b2a990e5d2f76d020cb840c456e6ec5f0c27530", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1c20e9040f49687ba2ccc2ffd4411351a6c2ebff", |
| "lessThan": "6f5d7a45f58d3abe3a936de1441b8d6318f978ff", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "9ae1f8dd372e0e4c020b345cf9e09f519265e981", |
| "lessThan": "876808dba2ff7509bdd7f230c4f374a0caf4f410", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "9ae1f8dd372e0e4c020b345cf9e09f519265e981", |
| "lessThan": "ff4a96ba5c8f9b266706280ff8021d2ef3f17e86", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "9ae1f8dd372e0e4c020b345cf9e09f519265e981", |
| "lessThan": "a298232ee6b9a1d5d732aa497ff8be0d45b5bd82", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "567c81912cec641db75ac6cb64c63f8367c97d19", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/io_uring.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.12", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.12", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.43", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.55", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.12.10", |
| "lessThanOrEqual": "5.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.12.19", |
| "lessThanOrEqual": "5.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10.26", |
| "versionEndExcluding": "5.10.43" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10.26", |
| "versionEndExcluding": "5.10.55" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.12", |
| "versionEndExcluding": "5.12.10" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.12", |
| "versionEndExcluding": "5.12.19" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.12", |
| "versionEndExcluding": "5.13" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.11.6" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/0b2a990e5d2f76d020cb840c456e6ec5f0c27530" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6f5d7a45f58d3abe3a936de1441b8d6318f978ff" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/876808dba2ff7509bdd7f230c4f374a0caf4f410" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/ff4a96ba5c8f9b266706280ff8021d2ef3f17e86" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a298232ee6b9a1d5d732aa497ff8be0d45b5bd82" |
| } |
| ], |
| "title": "io_uring: fix link timeout refs", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-47124", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
