{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47555","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-24T15:02:54.833Z","datePublished":"2024-05-24T15:09:57.302Z","dateUpdated":"2025-05-04T12:41:42.856Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:41:42.856Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix underflow for the real_dev refcnt\n\nInject error before dev_hold(real_dev) in register_vlan_dev(),\nand execute the following testcase:\n\nip link add dev dummy1 type dummy\nip link add name dummy1.100 link dummy1 type vlan id 100\nip link del dev dummy1\n\nWhen the dummy netdevice is removed, we will get a WARNING as following:\n\n=======================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 2 PID: 0 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0\n\nand an endless loop of:\n\n=======================================================================\nunregister_netdevice: waiting for dummy1 to become free. Usage count = -1073741824\n\nThat is because dev_put(real_dev) in vlan_dev_free() be called without\ndev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of real_dev\nunderflow.\n\nMove the dev_hold(real_dev) to vlan_dev_init() which is the call-back of\nndo_init(). That makes dev_hold() and dev_put() for vlan's real_dev\nsymmetrical."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/8021q/vlan.c","net/8021q/vlan_dev.c"],"versions":[{"version":"700602b662d7eaa816b1a3cb0abe7a85de358fd4","lessThan":"5e44178864b38dd70b877985abd7d86fdb95f27d","status":"affected","versionType":"git"},{"version":"e04a7a84bb77f9cdf4475340fe931389bc72331c","lessThan":"6e800ee43218a56acc93676bbb3d93b74779e555","status":"affected","versionType":"git"},{"version":"21032425c36ff85f16e72ca92193a8c401e4acd5","lessThan":"f7fc72a508cf115c273a7a29350069def1041890","status":"affected","versionType":"git"},{"version":"563bcbae3ba233c275c244bfce2efe12938f5363","lessThan":"01d9cc2dea3fde3bad6d27f464eff463496e2b00","status":"affected","versionType":"git"},{"version":"fca96b3f852a1b369b7b2844ce357cd689879934","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/8021q/vlan.c","net/8021q/vlan_dev.c"],"versions":[{"version":"5.4.160","lessThan":"5.4.163","status":"affected","versionType":"semver"},{"version":"5.10.80","lessThan":"5.10.83","status":"affected","versionType":"semver"},{"version":"5.15.3","lessThan":"5.15.6","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.160","versionEndExcluding":"5.4.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.80","versionEndExcluding":"5.10.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.3","versionEndExcluding":"5.15.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d"},{"url":"https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555"},{"url":"https://git.kernel.org/stable/c/f7fc72a508cf115c273a7a29350069def1041890"},{"url":"https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00"}],"title":"net: vlan: fix underflow for the real_dev refcnt","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.4,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-05-29T16:50:13.639283Z","id":"CVE-2021-47555","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-04T20:18:51.592Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.857Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f7fc72a508cf115c273a7a29350069def1041890","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00","tags":["x_transferred"]}]}]}}