Use-after-free in Linux kernel - CVE-2021-47600
Published: June 20, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU92303
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-47600
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6
- https://git.kernel.org/stable/c/66ea642af6fd4eacb5d0271a922130fcf8700424
- https://git.kernel.org/stable/c/b03abd0aa09c05099f537cb05b8460c4298f0861
- https://git.kernel.org/stable/c/293f957be5e39720778fb1851ced7f5fba6d51c3
- https://git.kernel.org/stable/c/501ecd90efdc9b2edc6c28852ecd098a4adf8f00
- https://git.kernel.org/stable/c/0e21e6cd5eebfc929ac5fa3b97ca2d4ace3cb6a3
- https://git.kernel.org/stable/c/607beb420b3fe23b948a9bf447d993521a02fbbb
- https://git.kernel.org/stable/c/1b8d2789dad0005fd5e7d35dab26a8e1203fb6da
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.296
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168