CVE-2021-47360

In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to return to userspace or the file object may never be dereferenced -- which can lead to hung processes. Force the binder thread back to userspace if an fd is closed during BC_FREE_BUFFER handling.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d	Patch
https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e	Patch
https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621	Patch
https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7	Patch
https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d	Patch
https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e	Patch
https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621	Patch
https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.20.1:::::::*
	cpe:2.3:o:linux:linux_kernel:5.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc2::::::

History

12 May 2025, 19:54

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d -~~	() https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d - Patch
References	~~() https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e -~~	() https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e - Patch
References	~~() https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621 -~~	() https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621 - Patch
References	~~() https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7 -~~	() https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:4.20.1:::::::* cpe:2.3:o:linux:linux_kernel:5.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-252

21 Nov 2024, 06:35

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d -~~	() https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d -
References	~~() https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e -~~	() https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e -
References	~~() https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621 -~~	() https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621 -
References	~~() https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7 -~~	() https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7 -
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: carpeta: asegúrese de que fd se cierre por completo Durante el procesamiento BC_FREE_BUFFER, la limpieza del objeto BINDER_TYPE_FDA puede cerrar 1 o más fds. Las operaciones de cierre se completan utilizando el mecanismo de trabajo de tareas, lo que significa que el hilo debe regresar al espacio de usuario o es posible que nunca se elimine la referencia al objeto de archivo, lo que puede llevar a procesos bloqueados. Fuerce el hilo de la carpeta a regresar al espacio de usuario si se cierra un fd durante el manejo de BC_FREE_BUFFER.

21 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 15:15

Updated : 2025-05-12 19:54

NVD link : CVE-2021-47360

Mitre link : CVE-2021-47360

CVE.ORG link : CVE-2021-47360

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-252

Unchecked Return Value

5.5 /10