{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47387","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T14:58:30.813Z","datePublished":"2024-05-21T15:03:46.925Z","dateUpdated":"2025-05-04T07:09:51.475Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:09:51.475Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: schedutil: Use kobject release() method to free sugov_tunables\n\nThe struct sugov_tunables is protected by the kobject, so we can't free\nit directly. Otherwise we would get a call trace like this:\n  ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30\n  WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100\n  Modules linked in:\n  CPU: 3 PID: 720 Comm: a.sh Tainted: G        W         5.14.0-rc1-next-20210715-yocto-standard+ #507\n  Hardware name: Marvell OcteonTX CN96XX board (DT)\n  pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--)\n  pc : debug_print_object+0xb8/0x100\n  lr : debug_print_object+0xb8/0x100\n  sp : ffff80001ecaf910\n  x29: ffff80001ecaf910 x28: ffff00011b10b8d0 x27: ffff800011043d80\n  x26: ffff00011a8f0000 x25: ffff800013cb3ff0 x24: 0000000000000000\n  x23: ffff80001142aa68 x22: ffff800011043d80 x21: ffff00010de46f20\n  x20: ffff800013c0c520 x19: ffff800011d8f5b0 x18: 0000000000000010\n  x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365\n  x14: 6a626f2029302065 x13: 303378302f307830 x12: 2b6e665f72656d69\n  x11: ffff8000124b1560 x10: ffff800012331520 x9 : ffff8000100ca6b0\n  x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 0000000000000001\n  x5 : ffff800011d8c000 x4 : ffff800011d8c740 x3 : 0000000000000000\n  x2 : ffff0001108301c0 x1 : ab3c90eedf9c0f00 x0 : 0000000000000000\n  Call trace:\n   debug_print_object+0xb8/0x100\n   __debug_check_no_obj_freed+0x1c0/0x230\n   debug_check_no_obj_freed+0x20/0x88\n   slab_free_freelist_hook+0x154/0x1c8\n   kfree+0x114/0x5d0\n   sugov_exit+0xbc/0xc0\n   cpufreq_exit_governor+0x44/0x90\n   cpufreq_set_policy+0x268/0x4a8\n   store_scaling_governor+0xe0/0x128\n   store+0xc0/0xf0\n   sysfs_kf_write+0x54/0x80\n   kernfs_fop_write_iter+0x128/0x1c0\n   new_sync_write+0xf0/0x190\n   vfs_write+0x2d4/0x478\n   ksys_write+0x74/0x100\n   __arm64_sys_write+0x24/0x30\n   invoke_syscall.constprop.0+0x54/0xe0\n   do_el0_svc+0x64/0x158\n   el0_svc+0x2c/0xb0\n   el0t_64_sync_handler+0xb0/0xb8\n   el0t_64_sync+0x198/0x19c\n  irq event stamp: 5518\n  hardirqs last  enabled at (5517): [<ffff8000100cbd7c>] console_unlock+0x554/0x6c8\n  hardirqs last disabled at (5518): [<ffff800010fc0638>] el1_dbg+0x28/0xa0\n  softirqs last  enabled at (5504): [<ffff8000100106e0>] __do_softirq+0x4d0/0x6c0\n  softirqs last disabled at (5483): [<ffff800010049548>] irq_exit+0x1b0/0x1b8\n\nSo split the original sugov_tunables_free() into two functions,\nsugov_clear_global_tunables() is just used to clear the global_tunables\nand the new sugov_tunables_free() is used as kobj_type::release to\nrelease the sugov_tunables safely."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/sched/cpufreq_schedutil.c"],"versions":[{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"cb4a53ba37532c861a5f3f22803391018a41849a","status":"affected","versionType":"git"},{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"463c46705f321201090b69c4ad5da0cd2ce614c9","status":"affected","versionType":"git"},{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c","status":"affected","versionType":"git"},{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"67c98e023135ff81b8d52998a6fdb8ca0c518d82","status":"affected","versionType":"git"},{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"a7d4fc84404d45d72f4490417e8cc3efa4af93f1","status":"affected","versionType":"git"},{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"8d62aec52a8c5b1d25a2364b243fcc5098a2ede9","status":"affected","versionType":"git"},{"version":"9bdcb44e391da5c41b98573bf0305a0e0b1c9569","lessThan":"e5c6b312ce3cc97e90ea159446e6bfa06645364d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/sched/cpufreq_schedutil.c"],"versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","status":"unaffected","versionType":"semver"},{"version":"4.9.285","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.249","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.209","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.151","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.71","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.10","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.9.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.14.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.19.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.4.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.14.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cb4a53ba37532c861a5f3f22803391018a41849a"},{"url":"https://git.kernel.org/stable/c/463c46705f321201090b69c4ad5da0cd2ce614c9"},{"url":"https://git.kernel.org/stable/c/30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c"},{"url":"https://git.kernel.org/stable/c/67c98e023135ff81b8d52998a6fdb8ca0c518d82"},{"url":"https://git.kernel.org/stable/c/a7d4fc84404d45d72f4490417e8cc3efa4af93f1"},{"url":"https://git.kernel.org/stable/c/8d62aec52a8c5b1d25a2364b243fcc5098a2ede9"},{"url":"https://git.kernel.org/stable/c/e5c6b312ce3cc97e90ea159446e6bfa06645364d"}],"title":"cpufreq: schedutil: Use kobject release() method to free sugov_tunables","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-11T18:55:39.448369Z","id":"CVE-2021-47387","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-11T18:55:51.627Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.003Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/cb4a53ba37532c861a5f3f22803391018a41849a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/463c46705f321201090b69c4ad5da0cd2ce614c9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/67c98e023135ff81b8d52998a6fdb8ca0c518d82","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a7d4fc84404d45d72f4490417e8cc3efa4af93f1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8d62aec52a8c5b1d25a2364b243fcc5098a2ede9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e5c6b312ce3cc97e90ea159446e6bfa06645364d","tags":["x_transferred"]}]}]}}