Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker task_work We check IO_WQ_BIT_EXIT before attempting to create a new worker, and wq exit cancels pending work if we have any. But it's possible to have a race between the two, where creation checks exit finding it not set, but we're in the process of exiting. The exit side will cancel pending creation task_work, but there's a gap where we add task_work after we've canceled existing creations at exit time. Fix this by checking the EXIT bit post adding the creation task_work. If it's set, run the same cancelation that exit does.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.15.11 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ecPatch
- https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6Patch
- https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ecPatch
- https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6Patch
FAQ
What is CVE-2021-47577?
CVE-2021-47577 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker task_work We check IO_WQ_BIT_EXIT before attempting to create a new worker, and w...
How severe is CVE-2021-47577?
CVE-2021-47577 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47577?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.