CVE - CVE-2021-47026

CVE-ID
CVE-2021-47026	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current rtrs_clt_remove_path_from_sysfs first removes the sysfs interfaces and frees sess->stats object. Second it removes the session from the active list. Therefore some functions could access non-connected session and access the freed sess->stats object even-if they check the session status before accessing the session. For instance rtrs_clt_request and get_next_path_min_inflight check the session status and try to send IO to the session. The session status could be changed when they are trying to send IO but they could not catch the change and update the statistics information in sess->stats object, and generate use-after-free problem. (see: "RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats") This patch changes the rtrs_clt_remove_path_from_sysfs to remove the session from the active session list and then destroy the sysfs interfaces. Each function still should check the session status because closing or error recovery paths can change the status.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/676171f9405dcaa45a33d18241c32f387dbaae39 URL:https://git.kernel.org/stable/c/676171f9405dcaa45a33d18241c32f387dbaae39 MISC:https://git.kernel.org/stable/c/7f4a8592ff29f19c5a2ca549d0973821319afaad URL:https://git.kernel.org/stable/c/7f4a8592ff29f19c5a2ca549d0973821319afaad MISC:https://git.kernel.org/stable/c/b64415c6b3476cf9fa4d0aea3807065b8403a937 URL:https://git.kernel.org/stable/c/b64415c6b3476cf9fa4d0aea3807065b8403a937 MISC:https://git.kernel.org/stable/c/d3cca8067d43dfee4a3535c645b55f618708dccb URL:https://git.kernel.org/stable/c/d3cca8067d43dfee4a3535c645b55f618708dccb
Assigning CNA
kernel.org
Date Record Created
20240227	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240227)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)