U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2021-47328 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race where iscsi_conn_teardown wakes up the EH thread and then frees the conn while those threads are still accessing the conn ehwait. We can only do one TMF per session so this just moves the TMF fields from the conn to the session. We can then rely on the iscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call to remove the target and it's devices, and know after that point there is no device or scsi-ml callout trying to access the session.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9 CVE, kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-47328
NVD Published Date:
05/21/2024
NVD Last Modified:
12/26/2024
Source:
kernel.org