CVE-2021-47328
Vulnerability from cvelistv5
Published
2024-05-21 14:35
Modified
2024-12-19 07:39
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: iscsi: Fix conn use after free during resets
If we haven't done a unbind target call we can race where
iscsi_conn_teardown wakes up the EH thread and then frees the conn while
those threads are still accessing the conn ehwait.
We can only do one TMF per session so this just moves the TMF fields from
the conn to the session. We can then rely on the
iscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call
to remove the target and it's devices, and know after that point there is
no device or scsi-ml callout trying to access the session.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-47328", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T19:06:33.421642Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:48.620Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T05:32:08.445Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Linux", programFiles: [ "drivers/scsi/libiscsi.c", "include/scsi/libiscsi.h", ], repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", vendor: "Linux", versions: [ { lessThan: "bf20d85a88384574fabb3d53ad62a8af57e7ab11", status: "affected", version: "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", versionType: "git", }, { lessThan: "d04958a348e560938410e04a12fb99da9c7e6a00", status: "affected", version: "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", versionType: "git", }, { lessThan: "89812e7957ab0746eab66ed6fc49d52bb4dca250", status: "affected", version: "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", versionType: "git", }, { lessThan: "f0a031f7c55ffd944fead1ddaf2aa94df9a158c1", status: "affected", version: "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", versionType: "git", }, { lessThan: "fa9542b35ceb4202e8f8d65f440529a63524dca9", status: "affected", version: "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", versionType: "git", }, { lessThan: "ec29d0ac29be366450a7faffbcf8cba3a6a3b506", status: "affected", version: "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", versionType: "git", }, ], }, { defaultStatus: "affected", product: "Linux", programFiles: [ "drivers/scsi/libiscsi.c", "include/scsi/libiscsi.h", ], repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", vendor: "Linux", versions: [ { lessThanOrEqual: "4.19.*", status: "unaffected", version: "4.19.198", versionType: "semver", }, { lessThanOrEqual: "5.4.*", status: "unaffected", version: "5.4.134", versionType: "semver", }, { lessThanOrEqual: "5.10.*", status: "unaffected", version: "5.10.52", versionType: "semver", }, { lessThanOrEqual: "5.12.*", status: "unaffected", version: "5.12.19", versionType: "semver", }, { lessThanOrEqual: "5.13.*", status: "unaffected", version: "5.13.4", versionType: "semver", }, { lessThanOrEqual: "*", status: "unaffected", version: "5.14", versionType: "original_commit_for_fix", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi: Fix conn use after free during resets\n\nIf we haven't done a unbind target call we can race where\niscsi_conn_teardown wakes up the EH thread and then frees the conn while\nthose threads are still accessing the conn ehwait.\n\nWe can only do one TMF per session so this just moves the TMF fields from\nthe conn to the session. We can then rely on the\niscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call\nto remove the target and it's devices, and know after that point there is\nno device or scsi-ml callout trying to access the session.", }, ], providerMetadata: { dateUpdated: "2024-12-19T07:39:47.968Z", orgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", shortName: "Linux", }, references: [ { url: "https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11", }, { url: "https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00", }, { url: "https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250", }, { url: "https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1", }, { url: "https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9", }, { url: "https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506", }, ], title: "scsi: iscsi: Fix conn use after free during resets", x_generator: { engine: "bippy-5f407fcff5a0", }, }, }, cveMetadata: { assignerOrgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", assignerShortName: "Linux", cveId: "CVE-2021-47328", datePublished: "2024-05-21T14:35:40.479Z", dateReserved: "2024-05-21T14:28:16.975Z", dateUpdated: "2024-12-19T07:39:47.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-47328\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:19.823\",\"lastModified\":\"2024-12-26T19:52:18.833\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: iscsi: Fix conn use after free during resets\\n\\nIf we haven't done a unbind target call we can race where\\niscsi_conn_teardown wakes up the EH thread and then frees the conn while\\nthose threads are still accessing the conn ehwait.\\n\\nWe can only do one TMF per session so this just moves the TMF fields from\\nthe conn to the session. We can then rely on the\\niscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call\\nto remove the target and it's devices, and know after that point there is\\nno device or scsi-ml callout trying to access the session.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: iscsi: corrige el uso de la conexión después de liberarla durante los reinicios. Si no hemos realizado una llamada de destino de desvinculación, podemos correr donde iscsi_conn_teardown activa el subproceso EH y luego libera la conexión mientras esos Los hilos todavía están accediendo a la conexión ehwait. Solo podemos hacer un TMF por sesión, por lo que esto simplemente mueve los campos TMF de la conexión a la sesión. Luego podemos confiar en la llamada iscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session para eliminar el objetivo y sus dispositivos, y saber después de ese punto que no hay ningún dispositivo o llamada scsi-ml intentando acceder a la sesión.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.19.198\",\"matchCriteriaId\":\"2CB3D1A5-433D-41F0-95A6-97558C0ECCAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.134\",\"matchCriteriaId\":\"508D9771-335F-44A6-9F2F-880DF1267A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.52\",\"matchCriteriaId\":\"7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.12.19\",\"matchCriteriaId\":\"34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13\",\"versionEndExcluding\":\"5.13.4\",\"matchCriteriaId\":\"F93FA3CC-0C79-410B-A7D7-245C2AA0723A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:32:08.445Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47328\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-23T19:06:33.421642Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:43.975Z\"}}], \"cna\": {\"title\": \"scsi: iscsi: Fix conn use after free during resets\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"bf20d85a88384574fabb3d53ad62a8af57e7ab11\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"d04958a348e560938410e04a12fb99da9c7e6a00\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"89812e7957ab0746eab66ed6fc49d52bb4dca250\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"f0a031f7c55ffd944fead1ddaf2aa94df9a158c1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"fa9542b35ceb4202e8f8d65f440529a63524dca9\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"ec29d0ac29be366450a7faffbcf8cba3a6a3b506\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/scsi/libiscsi.c\", \"include/scsi/libiscsi.h\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.19.198\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.134\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.52\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.19\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.13.*\"}, {\"status\": \"unaffected\", \"version\": \"5.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/scsi/libiscsi.c\", \"include/scsi/libiscsi.h\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11\"}, {\"url\": \"https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00\"}, {\"url\": \"https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250\"}, {\"url\": \"https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1\"}, {\"url\": \"https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9\"}, {\"url\": \"https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: iscsi: Fix conn use after free during resets\\n\\nIf we haven't done a unbind target call we can race where\\niscsi_conn_teardown wakes up the EH thread and then frees the conn while\\nthose threads are still accessing the conn ehwait.\\n\\nWe can only do one TMF per session so this just moves the TMF fields from\\nthe conn to the session. We can then rely on the\\niscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call\\nto remove the target and it's devices, and know after that point there is\\nno device or scsi-ml callout trying to access the session.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T07:39:47.968Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2021-47328\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T07:39:47.968Z\", \"dateReserved\": \"2024-05-21T14:28:16.975Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-21T14:35:40.479Z\", \"assignerShortName\": \"Linux\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.