| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Decrease sock refcount when sock timers expire\n\nCommit 63346650c1a9 (\"netrom: switch to sock timer API\") switched to use\nsock timer API. It replaces mod_timer() by sk_reset_timer(), and\ndel_timer() by sk_stop_timer().\n\nFunction sk_reset_timer() will increase the refcount of sock if it is\ncalled on an inactive timer, hence, in case the timer expires, we need to\ndecrease the refcount ourselves in the handler, otherwise, the sock\nrefcount will be unbalanced and the sock will never be freed." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/netrom/nr_timer.c" |
| ], |
| "versions": [ |
| { |
| "version": "ce29e8a259de767f7210d346ad2b031cb8ab2732", |
| "lessThan": "853262355518cd1247515b74e83fabf038aa6c29", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "baa9e32336bf6d0d74a7c3486d2a27feaf57cd5f", |
| "lessThan": "a01634bf91f2b6c42583770eb6815fb6d1e251cf", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "0adf571fa34b27bd0b97b408cc0f0dc54b72f0eb", |
| "lessThan": "48866fd5c361ea417ed24b43fc2a7dc2f5b060ef", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "2c6b572458a9127e8070df13fa7f115c29ab1d92", |
| "lessThan": "9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "63346650c1a94a92be61a57416ac88c0a47c4327", |
| "lessThan": "25df44e90ff5959b5c24ad361b648504a7e39ef3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "63346650c1a94a92be61a57416ac88c0a47c4327", |
| "lessThan": "6811744bd0efb9e472cb15d066cdb460beb8cb8a", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "63346650c1a94a92be61a57416ac88c0a47c4327", |
| "lessThan": "bc1660206c3723c37ed4d622ad81781f1e987250", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "63346650c1a94a92be61a57416ac88c0a47c4327", |
| "lessThan": "517a16b1a88bdb6b530f48d5d153478b2552d9a8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "f1d9a1f2ef6ff17293d21d5e6b80e04bea0cf508", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "519e8a22a454b1f1baa3a151b184fe51bc18e178", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/netrom/nr_timer.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.0", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.0", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.4.277", |
| "lessThanOrEqual": "4.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.9.277", |
| "lessThanOrEqual": "4.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.14.241", |
| "lessThanOrEqual": "4.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.199", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.136", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.54", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.13.6", |
| "lessThanOrEqual": "5.13.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.14", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.4.173", |
| "versionEndExcluding": "4.4.277" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.9.155", |
| "versionEndExcluding": "4.9.277" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.14.98", |
| "versionEndExcluding": "4.14.241" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.19.20", |
| "versionEndExcluding": "4.19.199" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "5.4.136" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "5.10.54" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "5.13.6" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "5.14" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.18.134" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.20.7" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8" |
| } |
| ], |
| "title": "netrom: Decrease sock refcount when sock timers expire", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-47294", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
