DEBIAN-CVE-2021-47124

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-47124

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47124.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-47124

Upstream

CVE-2021-47124

Published

2024-03-15T21:15:07.260Z

Modified

2025-11-19T02:02:45.720583Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: iouring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcountwarnsaturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcountwarn_saturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: __refcountsuband_test include/linux/refcount.h:283 [inline] __refcountdecandtest include/linux/refcount.h:315 [inline] refcountdecandtest include/linux/refcount.h:333 [inline] ioputreq fs/iouring.c:2140 [inline] ioqueuelinkedtimeout fs/io_uring.c:6300 [inline] __ioqueuesqe+0xbef/0xec0 fs/iouring.c:6354 iosubmitsqe fs/iouring.c:6534 [inline] iosubmitsqes+0x2bbd/0x7c50 fs/io_uring.c:6660 __dosysiouringenter fs/io_uring.c:9240 [inline] _sesysiouringenter+0x256/0x1d60 fs/iouring.c:9182 iolinktimeoutfn() should put only one reference of the linked timeout request, however in case of racing with the master request's completion first ioreqcomplete() puts one and then ioputreqdeferred() is called.

References

https://security-tracker.debian.org/tracker/CVE-2021-47124

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.70-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47124.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47124.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47124.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47124.json"