CVE-2021-47555

2024-05-2400:00:00

ubuntu.com

linux kernel

net vulnerability

vlan fix

underflow

refcnt

kernel vulnerability

memory leak

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

In the Linux kernel, the following vulnerability has been resolved: net:
vlan: fix underflow for the real_dev refcnt Inject error before
dev_hold(real_dev) in register_vlan_dev(), and execute the following
testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100
link dummy1 type vlan id 100 ip link del dev dummy1 When the dummy
netdevice is removed, we will get a WARNING as following:

refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 2 PID: 0 at
lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 and an endless loop of:

unregister_netdevice: waiting for dummy1 to become free. Usage count =
-1073741824 That is because dev_put(real_dev) in vlan_dev_free() be called
without dev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of
real_dev underflow. Move the dev_hold(real_dev) to vlan_dev_init() which is
the call-back of ndo_init(). That makes dev_hold() and dev_put() for vlan’s
real_dev symmetrical.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN