CVE-2021-47248
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

udp: fix race between close() and udp_abort()

Kaustubh reported and diagnosed a panic in udp_lib_lookup(). The root cause is udp_abort() racing with close(). Both racing functions acquire the socket lock, but udp{v6}_destroy_sock() release it before performing destructive actions.

We can't easily extend the socket lock scope to avoid the race, instead use the SOCK_DEAD flag to prevent udp_abort from doing any action when the critical race happens.

Diagnosed-and-tested-by: Kaustubh Pandey <[email protected]>

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 5d77dca82839ef016a93ad7acd7058b14d967752 - < e3c36c773aed0fef8b1d3d555b43393ec564400f; affected 5d77dca82839ef016a93ad7acd7058b14d967752 - < a0882f68f54f7a8b6308261acee9bd4faab5a69e; affected 5d77dca82839ef016a93ad7acd7058b14d967752 - < 2f73448041bd0682d4b552cfd314ace66107f1ad; affected 5d77dca82839ef016a93ad7acd7058b14d967752 - < 5a88477c1c85e4baa51e91f2d40f2166235daa56; affected 5d77dca82839ef016a93ad7acd7058b14d967752 - < 8729ec8a2238152a4afc212a331a6cd2c61aeeac; +2 more versions |
| Linux | Linux | affected 4.9; unaffected 0 - < 4.9; unaffected 4.9.274 - <= 4.9.*; unaffected 4.14.238 - <= 4.14.*; unaffected 4.19.196 - <= 4.19.*; +4 more versions |