Lucene search

K
redhatcveRedhat.comRH:CVE-2021-47248
HistoryMay 23, 2024 - 2:03 p.m.

CVE-2021-47248

2024-05-2314:03:48
redhat.com
access.redhat.com
3
linux kernel
udp vulnerability
cve-2021-47248

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close() and udp_abort() Kaustubh reported and diagnosed a panic in udp_lib_lookup(). The root cause is udp_abort() racing with close(). Both racing functions acquire the socket lock, but udp{v6}_destroy_sock() release it before performing destructive actions. We can’t easily extend the socket lock scope to avoid the race, instead use the SOCK_DEAD flag to prevent udp_abort from doing any action when the critical race happens. Diagnosed-and-tested-by: Kaustubh Pandey

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%