CVE-2021-47248

Analyzed
Published: 21 May 2024, 14:19
Last modified: 11 May 2026, 13:50

Vulnerability Summary

  • Overall Risk (default): low, 19/100
  • CVSS Score: 4.7 MEDIUM, v3.1 (nvd)
  • EPSS Score: 0.01% LOW
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 21 May 2024, 14:19: Published (vulnerability first disclosed)
  • 11 May 2026, 13:50: Last Modified (vulnerability information updated)

Description

In the Linux kernel, the following vulnerability has been resolved:

udp: fix race between close() and udp_abort()

Kaustubh reported and diagnosed a panic in udp_lib_lookup(). The root cause is udp_abort() racing with close(). Both racing functions acquire the socket lock, but udp{v6}_destroy_sock() release it before performing destructive actions.

We can't easily extend the socket lock scope to avoid the race, instead use the SOCK_DEAD flag to prevent udp_abort from doing any action when the critical race happens.

Diagnosed-and-tested-by: Kaustubh Pandey <kapandey@codeaurora.org>

CVSS Metrics

  • v3.1 | MEDIUM | Score: 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% | Percentile: 1%

Techniques & Countermeasures

  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

  • linux / linux

    ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < e3c36c773aed0fef8b1d3d555b43393ec564400f | ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < a0882f68f54f7a8b6308261acee9bd4faab5a69e | ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < 2f73448041bd0682d4b552cfd314ace66107f1ad | ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < 5a88477c1c85e4baa51e91f2d40f2166235daa56 | ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < 8729ec8a2238152a4afc212a331a6cd2c61aeeac | ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < 65310b0aff86980a011c7c7bfa487a333d4ca241 | ≥ 5d77dca82839ef016a93ad7acd7058b14d967752, < a8b897c7bcd47f4147d066e22cc01d1026d7640e | 4.9

  • linux / linux_kernel

    ≥ 4.9, < 4.9.274 | ≥ 4.10, < 4.14.238 | ≥ 4.15, < 4.19.196 | ≥ 4.20, < 5.4.128 | ≥ 5.5, < 5.10.46 | ≥ 5.11, < 5.12.13 | 5.13:rc1 | 5.13:rc2 | 5.13:rc3 | 5.13:rc4 | 5.13:rc5 | 5.13:rc6

References (7)