[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-47118":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":48,"related":49,"reserved_at":9,"published_at":56,"modified_at":57,"state":58,"summary":59,"references_raw":68,"kevs":103,"epss":104,"epss_history":107,"metrics":354,"affected":360},"CVE-2021-47118","In the Linux kernel, the following vulnerability has been resolved:\n\npid: take a reference when initializing `cad_pid`\n\nDuring boot, kernel_init_freeable() initializes `cad_pid` to the init\ntask's struct pid.  Later on, we may change `cad_pid` via a sysctl, and\nwhen this happens proc_do_cad_pid() will increment the refcount on the\nnew pid via get_pid(), and will decrement the refcount on the old pid\nvia put_pid().  As we never called get_pid() when we initialized\n`cad_pid`, we decrement a reference we never incremented, can therefore\nfree the init task's struct pid early.  As there can be dangling\nreferences to the struct pid, we can later encounter a use-after-free\n(e.g.  when delivering signals).\n\nThis was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to\nhave been around since the conversion of `cad_pid` to struct pid in\ncommit 9ec52099e4b8 (\"[PATCH] replace cad_pid by a struct pid\") from the\npre-KASAN stone age of v2.6.19.\n\nFix this by getting a reference to the init task's struct pid when we\nassign it to `cad_pid`.\n\nFull KASAN splat below.\n\n   ==================================================================\n   BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline]\n   BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n   Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273\n\n   CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1\n   Hardware name: linux,dummy-virt (DT)\n   Call trace:\n    ns_of_pid include/linux/pid.h:153 [inline]\n    task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n    do_notify_parent+0x308/0xe60 kernel/signal.c:1950\n    exit_notify kernel/exit.c:682 [inline]\n    do_exit+0x2334/0x2bd0 kernel/exit.c:845\n    do_group_exit+0x108/0x2c8 kernel/exit.c:922\n    get_signal+0x4e4/0x2a88 kernel/signal.c:2781\n    do_signal arch/arm64/kernel/signal.c:882 [inline]\n    do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936\n    work_pending+0xc/0x2dc\n\n   Allocated by task 0:\n    slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516\n    slab_alloc_node mm/slub.c:2907 [inline]\n    slab_alloc mm/slub.c:2915 [inline]\n    kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920\n    alloc_pid+0xdc/0xc00 kernel/pid.c:180\n    copy_process+0x2794/0x5e18 kernel/fork.c:2129\n    kernel_clone+0x194/0x13c8 kernel/fork.c:2500\n    kernel_thread+0xd4/0x110 kernel/fork.c:2552\n    rest_init+0x44/0x4a0 init/main.c:687\n    arch_call_rest_init+0x1c/0x28\n    start_kernel+0x520/0x554 init/main.c:1064\n    0x0\n\n   Freed by task 270:\n    slab_free_hook mm/slub.c:1562 [inline]\n    slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600\n    slab_free mm/slub.c:3161 [inline]\n    kmem_cache_free+0x224/0x8e0 mm/slub.c:3177\n    put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114\n    put_pid+0x30/0x48 kernel/pid.c:109\n    proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401\n    proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591\n    proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617\n    call_write_iter include/linux/fs.h:1977 [inline]\n    new_sync_write+0x3ac/0x510 fs/read_write.c:518\n    vfs_write fs/read_write.c:605 [inline]\n    vfs_write+0x9c4/0x1018 fs/read_write.c:585\n    ksys_write+0x124/0x240 fs/read_write.c:658\n    __do_sys_write fs/read_write.c:670 [inline]\n    __se_sys_write fs/read_write.c:667 [inline]\n    __arm64_sys_write+0x78/0xb0 fs/read_write.c:667\n    __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n    invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]\n    el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129\n    do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168\n    el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416\n    el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432\n    el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701\n\n   The buggy address belongs to the object at ffff23794dda0000\n    which belongs to the cache pid of size 224\n   The buggy address is located 4 bytes inside of\n    224-byte region [ff\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46],{"_key":25},"SUSE-SU-2024:1454-1",{"_key":27},"SUSE-SU-2024:1465-1",{"_key":29},"SUSE-SU-2024:1489-1",{"_key":31},"SUSE-SU-2024:1643-1",{"_key":33},"SUSE-SU-2024:1646-1",{"_key":35},"SUSE-SU-2024:1870-1",{"_key":37},"DEBIAN-CVE-2021-47118",{"_key":39},"RHSA-2024:3618",{"_key":41},"RHSA-2024:3627",{"_key":43},"UBUNTU-CVE-2021-47118",{"_key":45},"USN-7183-1",{"_key":47},"USN-7184-1",[],[50,51,52,53,54,55],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},"2024-03-15T20:14:25.116Z","2026-05-11T13:48:23.853Z","Analyzed",{"cisa_kev":60,"cisa_ransomware":60,"cisa_vendor":9,"epss_severity":61,"epss_score":62,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":58},false,"low",0.00015,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[69,75,79,83,87,91,95,99],{"url":70,"sources":71,"tags":73},"https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529",[72,66],"cve.org",[74],"Patch",{"url":76,"sources":77,"tags":78},"https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4",[72,66],[74],{"url":80,"sources":81,"tags":82},"https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788",[72,66],[74],{"url":84,"sources":85,"tags":86},"https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414",[72,66],[74],{"url":88,"sources":89,"tags":90},"https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff",[72,66],[74],{"url":92,"sources":93,"tags":94},"https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6",[72,66],[74],{"url":96,"sources":97,"tags":98},"https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca",[72,66],[74],{"url":100,"sources":101,"tags":102},"https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f",[72,66],[74],[],{"date":105,"score":62,"percentile":106},"2026-06-03",0.03446,[108,112,115,118,121,124,127,130,133,136,139,142,145,147,150,154,157,160,163,166,169,172,175,178,181,183,186,189,191,194,197,200,203,205,208,211,214,217,220,223,226,228,231,234,236,239,242,244,247,249,251,253,255,258,260,263,265,267,270,273,275,277,279,282,285,288,290,293,296,299,302,304,306,309,312,315,318,321,323,326,329,332,335,337,339,341,343,346,348,351],{"date":109,"score":110,"percentile":111},"2025-11-04",0.00012,0.01252,{"date":113,"score":110,"percentile":114},"2025-11-05",0.01272,{"date":116,"score":110,"percentile":117},"2025-11-06",0.01285,{"date":119,"score":110,"percentile":120},"2025-11-07",0.01288,{"date":122,"score":110,"percentile":123},"2025-11-08",0.01291,{"date":125,"score":110,"percentile":126},"2025-11-09",0.01289,{"date":128,"score":110,"percentile":129},"2025-11-10",0.01277,{"date":131,"score":110,"percentile":132},"2025-11-11",0.01282,{"date":134,"score":110,"percentile":135},"2025-11-12",0.01284,{"date":137,"score":110,"percentile":138},"2025-11-13",0.0129,{"date":140,"score":110,"percentile":141},"2025-11-14",0.01305,{"date":143,"score":110,"percentile":144},"2025-11-15",0.01319,{"date":146,"score":110,"percentile":144},"2025-11-16",{"date":148,"score":110,"percentile":149},"2025-11-17",0.01311,{"date":151,"score":152,"percentile":153},"2025-11-18",0.00092,0.22324,{"date":155,"score":152,"percentile":156},"2025-11-19",0.22334,{"date":158,"score":152,"percentile":159},"2025-11-20",0.22341,{"date":161,"score":110,"percentile":162},"2025-11-21",0.01365,{"date":164,"score":110,"percentile":165},"2025-11-22",0.01363,{"date":167,"score":110,"percentile":168},"2025-11-23",0.01351,{"date":170,"score":110,"percentile":171},"2025-11-24",0.01343,{"date":173,"score":110,"percentile":174},"2025-11-25",0.01338,{"date":176,"score":110,"percentile":177},"2025-11-26",0.01276,{"date":179,"score":110,"percentile":180},"2025-11-27",0.01274,{"date":182,"score":110,"percentile":129},"2025-11-28",{"date":184,"score":110,"percentile":185},"2025-11-29",0.01314,{"date":187,"score":110,"percentile":188},"2025-11-30",0.01323,{"date":190,"score":110,"percentile":168},"2025-12-01",{"date":192,"score":110,"percentile":193},"2025-12-02",0.01346,{"date":195,"score":110,"percentile":196},"2025-12-03",0.0135,{"date":198,"score":110,"percentile":199},"2025-12-04",0.01324,{"date":201,"score":110,"percentile":202},"2025-12-05",0.0134,{"date":204,"score":110,"percentile":171},"2025-12-06",{"date":206,"score":110,"percentile":207},"2025-12-07",0.01341,{"date":209,"score":110,"percentile":210},"2025-12-08",0.01342,{"date":212,"score":110,"percentile":213},"2025-12-09",0.01354,{"date":215,"score":110,"percentile":216},"2025-12-10",0.01367,{"date":218,"score":110,"percentile":219},"2025-12-11",0.01358,{"date":221,"score":110,"percentile":222},"2025-12-12",0.01357,{"date":224,"score":110,"percentile":225},"2025-12-13",0.01344,{"date":227,"score":110,"percentile":210},"2025-12-14",{"date":229,"score":110,"percentile":230},"2025-12-15",0.01339,{"date":232,"score":110,"percentile":233},"2025-12-16",0.01345,{"date":235,"score":110,"percentile":233},"2025-12-17",{"date":237,"score":110,"percentile":238},"2025-12-18",0.01333,{"date":240,"score":110,"percentile":241},"2025-12-19",0.01337,{"date":243,"score":110,"percentile":241},"2025-12-20",{"date":245,"score":110,"percentile":246},"2025-12-21",0.01349,{"date":248,"score":110,"percentile":168},"2025-12-22",{"date":250,"score":110,"percentile":168},"2025-12-23",{"date":252,"score":110,"percentile":213},"2025-12-24",{"date":254,"score":110,"percentile":222},"2025-12-25",{"date":256,"score":110,"percentile":257},"2025-12-26",0.01359,{"date":259,"score":110,"percentile":168},"2025-12-27",{"date":261,"score":110,"percentile":262},"2025-12-28",0.01352,{"date":264,"score":110,"percentile":207},"2025-12-29",{"date":266,"score":110,"percentile":241},"2025-12-30",{"date":268,"score":110,"percentile":269},"2025-12-31",0.01334,{"date":271,"score":110,"percentile":272},"2026-01-01",0.01356,{"date":274,"score":110,"percentile":262},"2026-01-02",{"date":276,"score":110,"percentile":213},"2026-01-03",{"date":278,"score":110,"percentile":199},"2026-01-04",{"date":280,"score":110,"percentile":281},"2026-01-05",0.01331,{"date":283,"score":110,"percentile":284},"2026-01-06",0.01325,{"date":286,"score":110,"percentile":287},"2026-01-07",0.0133,{"date":289,"score":110,"percentile":233},"2026-01-08",{"date":291,"score":110,"percentile":292},"2026-01-09",0.01362,{"date":294,"score":110,"percentile":295},"2026-01-10",0.01371,{"date":297,"score":110,"percentile":298},"2026-01-11",0.01369,{"date":300,"score":110,"percentile":301},"2026-01-12",0.01372,{"date":303,"score":110,"percentile":298},"2026-01-13",{"date":305,"score":110,"percentile":301},"2026-01-14",{"date":307,"score":110,"percentile":308},"2026-01-15",0.01383,{"date":310,"score":110,"percentile":311},"2026-01-16",0.01391,{"date":313,"score":110,"percentile":314},"2026-01-17",0.01394,{"date":316,"score":110,"percentile":317},"2026-01-18",0.01407,{"date":319,"score":110,"percentile":320},"2026-01-19",0.01396,{"date":322,"score":110,"percentile":308},"2026-01-20",{"date":324,"score":110,"percentile":325},"2026-01-21",0.01378,{"date":327,"score":110,"percentile":328},"2026-01-22",0.01381,{"date":330,"score":110,"percentile":331},"2026-01-23",0.01395,{"date":333,"score":110,"percentile":334},"2026-01-24",0.01398,{"date":336,"score":110,"percentile":334},"2026-01-25",{"date":338,"score":110,"percentile":331},"2026-01-26",{"date":340,"score":110,"percentile":328},"2026-01-27",{"date":342,"score":110,"percentile":328},"2026-01-28",{"date":344,"score":110,"percentile":345},"2026-01-29",0.01392,{"date":347,"score":110,"percentile":331},"2026-01-30",{"date":349,"score":110,"percentile":350},"2026-01-31",0.0141,{"date":352,"score":110,"percentile":353},"2026-02-01",0.01434,[355],{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":356,"cvss_v4_0":9},{"baseScore":64,"baseSeverity":357,"vectorString":67,"impactScore":358,"exploitabilityScore":359},"HIGH",9.8,4.6,[361,396],{"ecosystem":9,"name":362,"vendor":363,"product":363,"cpe_part":364,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":365},"Linux","linux","a",[366,373,376,379,382,385,388,391,394],{"version":367,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":371,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C 764c2e892d1fe895392aff62fb353fdce43bb529",true,"9ec52099e4b8678a60e9f93e41ad87885d64f3e6","including","764c2e892d1fe895392aff62fb353fdce43bb529","excluding",{"version":374,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":375,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C f86c80515a8a3703e0ca2e56deb50fc2879c5ea4","f86c80515a8a3703e0ca2e56deb50fc2879c5ea4",{"version":377,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":378,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C 4dbd8808a591b49b717862e6e0081bcf14a87788","4dbd8808a591b49b717862e6e0081bcf14a87788",{"version":380,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":381,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C d106f05432e60f9f62d456ef017687f5c73cb414","d106f05432e60f9f62d456ef017687f5c73cb414",{"version":383,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":384,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C 2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff","2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff",{"version":386,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":387,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C 7178be006d495ffb741c329012da289b62dddfe6","7178be006d495ffb741c329012da289b62dddfe6",{"version":389,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":390,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C b8ff869f20152fbe66b6c2e2715d26a2f9897cca","b8ff869f20152fbe66b6c2e2715d26a2f9897cca",{"version":392,"is_range":368,"range_type":72,"version_start":369,"version_start_type":370,"version_end":393,"version_end_type":372,"fixed_in":9},">= 9ec52099e4b8678a60e9f93e41ad87885d64f3e6, \u003C 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f","0711f0d7050b9e07c44bc159bbc64ac0a1022c7f",{"version":395,"is_range":60,"range_type":72,"version_start":395,"version_start_type":370,"version_end":395,"version_end_type":370,"fixed_in":9},"2.6.19",{"ecosystem":9,"name":397,"vendor":363,"product":398,"cpe_part":399,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":400},"linux kernel","linux_kernel","o",[401,405,409,413,417,421,425,429,431,433,435],{"version":402,"is_range":368,"range_type":403,"version_start":395,"version_start_type":370,"version_end":404,"version_end_type":372,"fixed_in":9},"gte2.6.19_lt4.4.272","cpe","4.4.272",{"version":406,"is_range":368,"range_type":403,"version_start":407,"version_start_type":370,"version_end":408,"version_end_type":372,"fixed_in":9},"gte4.5_lt4.9.272","4.5","4.9.272",{"version":410,"is_range":368,"range_type":403,"version_start":411,"version_start_type":370,"version_end":412,"version_end_type":372,"fixed_in":9},"gte4.10_lt4.14.236","4.10","4.14.236",{"version":414,"is_range":368,"range_type":403,"version_start":415,"version_start_type":370,"version_end":416,"version_end_type":372,"fixed_in":9},"gte4.15_lt4.19.194","4.15","4.19.194",{"version":418,"is_range":368,"range_type":403,"version_start":419,"version_start_type":370,"version_end":420,"version_end_type":372,"fixed_in":9},"gte4.20_lt5.4.125","4.20","5.4.125",{"version":422,"is_range":368,"range_type":403,"version_start":423,"version_start_type":370,"version_end":424,"version_end_type":372,"fixed_in":9},"gte5.5_lt5.10.43","5.5","5.10.43",{"version":426,"is_range":368,"range_type":403,"version_start":427,"version_start_type":370,"version_end":428,"version_end_type":372,"fixed_in":9},"gte5.11_lt5.12.10","5.11","5.12.10",{"version":430,"is_range":60,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.13:rc1",{"version":432,"is_range":60,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.13:rc2",{"version":434,"is_range":60,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.13:rc3",{"version":436,"is_range":60,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.13:rc4"]