[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-47069":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":49,"related":50,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":69,"kevs":84,"epss":85,"epss_history":88,"metrics":351,"affected":357},"CVE-2021-47069","In the Linux kernel, the following vulnerability has been resolved:\n\nipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry\n\ndo_mq_timedreceive calls wq_sleep with a stack local address.  The\nsender (do_mq_timedsend) uses this address to later call pipelined_send.\n\nThis leads to a very hard to trigger race where a do_mq_timedreceive\ncall might return and leave do_mq_timedsend to rely on an invalid\naddress, causing the following crash:\n\n  RIP: 0010:wake_q_add_safe+0x13/0x60\n  Call Trace:\n   __x64_sys_mq_timedsend+0x2a9/0x490\n   do_syscall_64+0x80/0x680\n   entry_SYSCALL_64_after_hwframe+0x44/0xa9\n  RIP: 0033:0x7f5928e40343\n\nThe race occurs as:\n\n1. do_mq_timedreceive calls wq_sleep with the address of `struct\n   ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it\n   holds a valid `struct ext_wait_queue *` as long as the stack has not\n   been overwritten.\n\n2. `ewq_addr` gets added to info->e_wait_q[RECV].list in wq_add, and\n   do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call\n   __pipelined_op.\n\n3. Sender calls __pipelined_op::smp_store_release(&this->state,\n   STATE_READY).  Here is where the race window begins.  (`this` is\n   `ewq_addr`.)\n\n4. If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it\n   will see `state == STATE_READY` and break.\n\n5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed\n   to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive's\n   stack.  (Although the address may not get overwritten until another\n   function happens to touch it, which means it can persist around for an\n   indefinite time.)\n\n6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a\n   `struct ext_wait_queue *`, and uses it to find a task_struct to pass to\n   the wake_q_add_safe call.  In the lucky case where nothing has\n   overwritten `ewq_addr` yet, `ewq_addr->task` is the right task_struct.\n   In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a\n   bogus address as the receiver's task_struct causing the crash.\n\ndo_mq_timedsend::__pipelined_op() should not dereference `this` after\nsetting STATE_READY, as the receiver counterpart is now free to return.\nChange __pipelined_op to call wake_q_add_safe on the receiver's\ntask_struct returned by get_task_struct, instead of dereferencing `this`\nwhich sits on the receiver's stack.\n\nAs Manfred pointed out, the race potentially also exists in\nipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare.  Fix\nthose in the same way.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-672","Operation on a Resource after Expiration or Release","The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.","weakness","Draft","Class",[],[],[],[],[23,25,27,29,31,33,35,37,39,41,43,45,47],{"_key":24},"SUSE-SU-2024:0856-1",{"_key":26},"SUSE-SU-2024:0857-1",{"_key":28},"SUSE-SU-2024:3565-1",{"_key":30},"UBUNTU-CVE-2021-47069",{"_key":32},"SUSE-SU-2024:0926-1",{"_key":34},"SUSE-SU-2024:1454-1",{"_key":36},"SUSE-SU-2024:1489-1",{"_key":38},"SUSE-SU-2024:3585-1",{"_key":40},"DEBIAN-CVE-2021-47069",{"_key":42},"RHSA-2024:5692",{"_key":44},"RHSA-2024:6206",{"_key":46},"RHSA-2024:4211",{"_key":48},"RHSA-2024:4352",[],[51,52,53,54,55,56,57],{"_key":24},{"_key":26},{"_key":28},{"_key":32},{"_key":34},{"_key":36},{"_key":38},"2024-03-01T21:15:08.598Z","2026-05-11T13:47:28.778Z","Analyzed",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":65,"severity_score":4,"severity_version":66,"severity_source":67,"severity_vector":68,"severity_status":60},false,"low",0.00018,"high","v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[70,76,80],{"url":71,"sources":72,"tags":74},"https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65",[73,67],"cve.org",[75],"Patch",{"url":77,"sources":78,"tags":79},"https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097",[73,67],[75],{"url":81,"sources":82,"tags":83},"https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048",[73,67],[75],[],{"date":86,"score":64,"percentile":87},"2026-06-03",0.05042,[89,93,96,99,102,105,107,110,113,116,119,122,125,128,131,135,138,141,144,147,149,152,155,158,161,163,166,169,172,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,290,293,296,298,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,344,346,348],{"date":90,"score":91,"percentile":92},"2025-11-04",0.00014,0.01568,{"date":94,"score":91,"percentile":95},"2025-11-05",0.01593,{"date":97,"score":91,"percentile":98},"2025-11-06",0.0161,{"date":100,"score":91,"percentile":101},"2025-11-07",0.01614,{"date":103,"score":91,"percentile":104},"2025-11-08",0.0162,{"date":106,"score":91,"percentile":104},"2025-11-09",{"date":108,"score":91,"percentile":109},"2025-11-10",0.01602,{"date":111,"score":91,"percentile":112},"2025-11-11",0.01615,{"date":114,"score":91,"percentile":115},"2025-11-12",0.01626,{"date":117,"score":91,"percentile":118},"2025-11-13",0.0164,{"date":120,"score":91,"percentile":121},"2025-11-14",0.01644,{"date":123,"score":91,"percentile":124},"2025-11-15",0.01665,{"date":126,"score":91,"percentile":127},"2025-11-16",0.01672,{"date":129,"score":91,"percentile":130},"2025-11-17",0.01654,{"date":132,"score":133,"percentile":134},"2025-11-18",0.00106,0.24495,{"date":136,"score":133,"percentile":137},"2025-11-19",0.24521,{"date":139,"score":133,"percentile":140},"2025-11-20",0.24533,{"date":142,"score":64,"percentile":143},"2025-11-21",0.03621,{"date":145,"score":64,"percentile":146},"2025-11-22",0.03625,{"date":148,"score":64,"percentile":143},"2025-11-23",{"date":150,"score":64,"percentile":151},"2025-11-24",0.036,{"date":153,"score":64,"percentile":154},"2025-11-25",0.03604,{"date":156,"score":64,"percentile":157},"2025-11-26",0.0362,{"date":159,"score":64,"percentile":160},"2025-11-27",0.03635,{"date":162,"score":64,"percentile":160},"2025-11-28",{"date":164,"score":64,"percentile":165},"2025-11-29",0.03677,{"date":167,"score":64,"percentile":168},"2025-11-30",0.03687,{"date":170,"score":64,"percentile":171},"2025-12-01",0.03781,{"date":173,"score":64,"percentile":174},"2025-12-02",0.03794,{"date":176,"score":64,"percentile":177},"2025-12-03",0.03807,{"date":179,"score":64,"percentile":180},"2025-12-04",0.03756,{"date":182,"score":64,"percentile":183},"2025-12-05",0.03811,{"date":185,"score":64,"percentile":186},"2025-12-06",0.03828,{"date":188,"score":64,"percentile":189},"2025-12-07",0.03832,{"date":191,"score":64,"percentile":192},"2025-12-08",0.03838,{"date":194,"score":64,"percentile":195},"2025-12-09",0.03885,{"date":197,"score":64,"percentile":198},"2025-12-10",0.03921,{"date":200,"score":64,"percentile":201},"2025-12-11",0.03908,{"date":203,"score":64,"percentile":204},"2025-12-12",0.03924,{"date":206,"score":64,"percentile":207},"2025-12-13",0.03936,{"date":209,"score":64,"percentile":210},"2025-12-14",0.03927,{"date":212,"score":64,"percentile":213},"2025-12-15",0.03886,{"date":215,"score":64,"percentile":216},"2025-12-16",0.03902,{"date":218,"score":64,"percentile":219},"2025-12-17",0.0394,{"date":221,"score":64,"percentile":222},"2025-12-18",0.03961,{"date":224,"score":64,"percentile":225},"2025-12-19",0.03944,{"date":227,"score":64,"percentile":228},"2025-12-20",0.03947,{"date":230,"score":64,"percentile":231},"2025-12-21",0.0397,{"date":233,"score":64,"percentile":234},"2025-12-22",0.03935,{"date":236,"score":64,"percentile":225},"2025-12-23",{"date":238,"score":64,"percentile":239},"2025-12-24",0.03953,{"date":241,"score":64,"percentile":242},"2025-12-25",0.03992,{"date":244,"score":64,"percentile":245},"2025-12-26",0.03987,{"date":247,"score":64,"percentile":248},"2025-12-27",0.03998,{"date":250,"score":64,"percentile":251},"2025-12-28",0.03991,{"date":253,"score":64,"percentile":254},"2025-12-29",0.03981,{"date":256,"score":64,"percentile":257},"2025-12-30",0.03926,{"date":259,"score":64,"percentile":260},"2025-12-31",0.03942,{"date":262,"score":64,"percentile":263},"2026-01-01",0.04028,{"date":265,"score":64,"percentile":266},"2026-01-02",0.04025,{"date":268,"score":64,"percentile":269},"2026-01-03",0.04013,{"date":271,"score":64,"percentile":272},"2026-01-04",0.03903,{"date":274,"score":64,"percentile":275},"2026-01-05",0.03866,{"date":277,"score":64,"percentile":278},"2026-01-06",0.03858,{"date":280,"score":64,"percentile":281},"2026-01-07",0.03883,{"date":283,"score":64,"percentile":284},"2026-01-08",0.0391,{"date":286,"score":64,"percentile":287},"2026-01-09",0.03918,{"date":289,"score":64,"percentile":257},"2026-01-10",{"date":291,"score":64,"percentile":292},"2026-01-11",0.03904,{"date":294,"score":64,"percentile":295},"2026-01-12",0.03915,{"date":297,"score":64,"percentile":201},"2026-01-13",{"date":299,"score":64,"percentile":225},"2026-01-14",{"date":301,"score":64,"percentile":302},"2026-01-15",0.03872,{"date":304,"score":64,"percentile":305},"2026-01-16",0.03846,{"date":307,"score":64,"percentile":308},"2026-01-17",0.03847,{"date":310,"score":64,"percentile":311},"2026-01-18",0.03822,{"date":313,"score":64,"percentile":314},"2026-01-19",0.03779,{"date":316,"score":64,"percentile":317},"2026-01-20",0.03749,{"date":319,"score":64,"percentile":320},"2026-01-21",0.03741,{"date":322,"score":64,"percentile":323},"2026-01-22",0.03746,{"date":325,"score":64,"percentile":326},"2026-01-23",0.03791,{"date":328,"score":64,"percentile":329},"2026-01-24",0.03823,{"date":331,"score":64,"percentile":332},"2026-01-25",0.03801,{"date":334,"score":64,"percentile":335},"2026-01-26",0.03784,{"date":337,"score":64,"percentile":338},"2026-01-27",0.03773,{"date":340,"score":64,"percentile":341},"2026-01-28",0.0376,{"date":343,"score":64,"percentile":314},"2026-01-29",{"date":345,"score":64,"percentile":314},"2026-01-30",{"date":347,"score":64,"percentile":180},"2026-01-31",{"date":349,"score":64,"percentile":350},"2026-02-01",0.03857,[352],{"source":67,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":353,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":354,"vectorString":68,"impactScore":355,"exploitabilityScore":356},"HIGH",9.8,2.6,[358,378],{"ecosystem":9,"name":359,"vendor":360,"product":360,"cpe_part":361,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":362},"Linux","linux","a",[363,370,373,376],{"version":364,"is_range":365,"range_type":73,"version_start":366,"version_start_type":367,"version_end":368,"version_end_type":369,"fixed_in":9},">= c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04, \u003C 4528c0c323085e645b8765913b4a7fd42cf49b65",true,"c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04","including","4528c0c323085e645b8765913b4a7fd42cf49b65","excluding",{"version":371,"is_range":365,"range_type":73,"version_start":366,"version_start_type":367,"version_end":372,"version_end_type":369,"fixed_in":9},">= c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04, \u003C 807fa14536b26803b858da878b643be72952a097","807fa14536b26803b858da878b643be72952a097",{"version":374,"is_range":365,"range_type":73,"version_start":366,"version_start_type":367,"version_end":375,"version_end_type":369,"fixed_in":9},">= c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04, \u003C a11ddb37bf367e6b5239b95ca759e5389bb46048","a11ddb37bf367e6b5239b95ca759e5389bb46048",{"version":377,"is_range":62,"range_type":73,"version_start":377,"version_start_type":367,"version_end":377,"version_end_type":367,"fixed_in":9},"5.6",{"ecosystem":9,"name":379,"vendor":360,"product":380,"cpe_part":381,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":382},"linux kernel","linux_kernel","o",[383,387,391,393],{"version":384,"is_range":365,"range_type":385,"version_start":377,"version_start_type":367,"version_end":386,"version_end_type":369,"fixed_in":9},"gte5.6_lt5.10.40","cpe","5.10.40",{"version":388,"is_range":365,"range_type":385,"version_start":389,"version_start_type":367,"version_end":390,"version_end_type":369,"fixed_in":9},"gte5.11_lt5.12.7","5.11","5.12.7",{"version":392,"is_range":62,"range_type":385,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.13:rc1",{"version":394,"is_range":62,"range_type":385,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.13:rc2"]