{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47294","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T13:27:52.130Z","datePublished":"2024-05-21T14:35:18.034Z","dateUpdated":"2025-05-04T12:41:20.978Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:41:20.978Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Decrease sock refcount when sock timers expire\n\nCommit 63346650c1a9 (\"netrom: switch to sock timer API\") switched to use\nsock timer API. It replaces mod_timer() by sk_reset_timer(), and\ndel_timer() by sk_stop_timer().\n\nFunction sk_reset_timer() will increase the refcount of sock if it is\ncalled on an inactive timer, hence, in case the timer expires, we need to\ndecrease the refcount ourselves in the handler, otherwise, the sock\nrefcount will be unbalanced and the sock will never be freed."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netrom/nr_timer.c"],"versions":[{"version":"ce29e8a259de767f7210d346ad2b031cb8ab2732","lessThan":"853262355518cd1247515b74e83fabf038aa6c29","status":"affected","versionType":"git"},{"version":"baa9e32336bf6d0d74a7c3486d2a27feaf57cd5f","lessThan":"a01634bf91f2b6c42583770eb6815fb6d1e251cf","status":"affected","versionType":"git"},{"version":"0adf571fa34b27bd0b97b408cc0f0dc54b72f0eb","lessThan":"48866fd5c361ea417ed24b43fc2a7dc2f5b060ef","status":"affected","versionType":"git"},{"version":"2c6b572458a9127e8070df13fa7f115c29ab1d92","lessThan":"9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950","status":"affected","versionType":"git"},{"version":"63346650c1a94a92be61a57416ac88c0a47c4327","lessThan":"25df44e90ff5959b5c24ad361b648504a7e39ef3","status":"affected","versionType":"git"},{"version":"63346650c1a94a92be61a57416ac88c0a47c4327","lessThan":"6811744bd0efb9e472cb15d066cdb460beb8cb8a","status":"affected","versionType":"git"},{"version":"63346650c1a94a92be61a57416ac88c0a47c4327","lessThan":"bc1660206c3723c37ed4d622ad81781f1e987250","status":"affected","versionType":"git"},{"version":"63346650c1a94a92be61a57416ac88c0a47c4327","lessThan":"517a16b1a88bdb6b530f48d5d153478b2552d9a8","status":"affected","versionType":"git"},{"version":"f1d9a1f2ef6ff17293d21d5e6b80e04bea0cf508","status":"affected","versionType":"git"},{"version":"519e8a22a454b1f1baa3a151b184fe51bc18e178","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netrom/nr_timer.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"4.4.277","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.277","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.241","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.199","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.136","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.54","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.13.6","lessThanOrEqual":"5.13.*","status":"unaffected","versionType":"semver"},{"version":"5.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.173","versionEndExcluding":"4.4.277"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.155","versionEndExcluding":"4.9.277"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.98","versionEndExcluding":"4.14.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.20","versionEndExcluding":"4.19.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.4.136"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.13.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29"},{"url":"https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf"},{"url":"https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef"},{"url":"https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950"},{"url":"https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3"},{"url":"https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a"},{"url":"https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250"},{"url":"https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8"}],"title":"netrom: Decrease sock refcount when sock timers expire","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47294","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-28T19:24:54.424642Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:14:49.177Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:08.527Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8","tags":["x_transferred"]}]}]}}