Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-47494
HistoryMay 22, 2024 - 12:00 a.m.

CVE-2021-47494

2024-05-2200:00:00
ubuntu.com
ubuntu.com
1
vulnerability
linux kernel
cfg80211
management registrations
locking
list corruption
wdev
spinlocks
wiphy
rdev
contention

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

In the Linux kernel, the following vulnerability has been resolved:
cfg80211: fix management registrations locking The management registrations
locking was broken, the list was locked for each wdev, but
cfg80211_mgmt_registrations_update() iterated it without holding all the
correct spinlocks, causing list corruption. Rather than trying to fix it
with fine-grained locking, just move the lock to the wiphy/rdev (still need
the list on each wdev), we already need to hold the wdev lock to change it,
so there’s no contention on the lock in any case. This trivially fixes the
bug since we hold one wdev’s lock already, and now will hold the lock that
protects all lists.

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%