CVE-2021-47357

atm: iphase: fix possible use-after-free in ia_module_exit()

Description

In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/9e161687855175334ca93c6c3ccb221731194479 patch
https://git.kernel.org/stable/c/a832ee2f2145f57443b2d565f8cb5490e8339f42 patch
https://git.kernel.org/stable/c/bcdd2be48edd8c6867fb44112cb8d18086beae29 patch
https://git.kernel.org/stable/c/89ce0b0747f319eb70f85bc820dcc43cebbd5417 patch
https://git.kernel.org/stable/c/c9172498d4d62c9b64e5fb37c1ee0343e65fe51b patch
https://git.kernel.org/stable/c/e759ff76ebbbfcdcf83b6634c54dc47828573d8b patch
https://git.kernel.org/stable/c/b58d246a058ae88484758cd4ab27b3180fd5ecf8 patch
https://git.kernel.org/stable/c/d1fb12412874c94ad037e11d0ecdd1140a439297 patch
https://git.kernel.org/stable/c/1c72e6ab66b9598cac741ed397438a52065a8f1f patch

Frequently Asked Questions

What is the severity of CVE-2021-47357?
CVE-2021-47357 has been scored as a high severity vulnerability.
How to fix CVE-2021-47357?
To fix CVE-2021-47357, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47357 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47357 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47357?
CVE-2021-47357 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.