SB2024053141 - Use-after-free in Linux kernel watchdog driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2021-47324)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/63a3dc24bd053792f84cb4eef0168b1266202a02
• https://git.kernel.org/stable/c/862f2b5a7c38762ac9e369daefbf361a91aca685
• https://git.kernel.org/stable/c/0ac50a76cf3cd63db000648b3b19f3f98b8aaa76
• https://git.kernel.org/stable/c/dc9403097be52d57a5c9c35efa9be79d166a78af
• https://git.kernel.org/stable/c/146cc288fb80c662c9c35e7bc58325d1ac0a7875
• https://git.kernel.org/stable/c/a397cb4576fc2fc802562418b3a50b8f67d60d31
• https://git.kernel.org/stable/c/b4ebf4a4692e84163a69444c70ad515de06e2259
• https://git.kernel.org/stable/c/8adbbe6c86bb13e14f8a19e036ae5f4f5661fd90
• https://git.kernel.org/stable/c/c08a6b31e4917034f0ed0cb457c3bb209576f542
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.240
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.134