#VU90052 Use-after-free in Linux kernel - CVE-2021-47506
Published: May 30, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90052
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-47506
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_delegation_locked(), unhash_delegation_locked() and nfsd4_cb_recall_prepare() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce
- https://git.kernel.org/stable/c/348714018139c39533c55661a0c7c990671396b4
- https://git.kernel.org/stable/c/33645d3e22720cac1e4548f8fef57bf0649536ee
- https://git.kernel.org/stable/c/2becaa990b93cbd2928292c0b669d3abb6cf06d4
- https://git.kernel.org/stable/c/e0759696de6851d7536efddfdd2dfed4c4df1f09
- https://git.kernel.org/stable/c/eeb0711801f5e19ef654371b627682aed3b11373
- https://git.kernel.org/stable/c/148c816f10fd11df27ca6a9b3238cdd42fa72cd3
- https://git.kernel.org/stable/c/548ec0805c399c65ed66c6641be467f717833ab5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.296
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168