VDB

CISA-2021-47061

CISA-2021-47061 PUBLISHED

Reported by Linux · Published February 29, 2024

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new null bus. Destroying devices before the bus is nullified could lead to use-after-free since readers expect the devices on their reference of the bus to remain valid.

Affected Products

VendorProductVersions
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e, f65886606c2d3b562716de030706dfe1bea4ed5e, f65886606c2d3b562716de030706dfe1bea4ed5e
LinuxLinux5.9, 0, 5.10.37
linuxlinux_kernel5.9, 5.9, 5.9
LinuxLinuxf65886606c2d3b562716de030706dfe1bea4ed5e, f65886606c2d3b562716de030706dfe1bea4ed5e, f65886606c2d3b562716de030706dfe1bea4ed5e

Timeline

  • Feb 29, 2024 CVE Published
  • May 4, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›