CVE-2021-47634
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2021-47634 is a Linux kernel vulnerability in the UBI subsystem: a race condition between the ioctl handlers ctrl_cdev_ioctl and ubi_cdev_ioctl. Hulk Robot reported a use-after-free that arises because the two code paths are serialized by two different locks, the global ubi_devices_mutex and the per-device ubi->device_mutex, so neither path excludes the other. The race window lies in ubi_attach, between uif_init (which exposes the new device) and a concurrent ubi_cdev_ioctl on that device, and it can end in a double free. The bug was introduced by commit 714fb87e8bc0, which made UBI devices available before they were reachable through sysfs. The planned fix is to remove the ubi_get_device call from vol_attribute_show and dev_attribute_show so that these sysfs handlers no longer touch a ubi_device that has not finished initializing.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX