CVE-2021-47387

Advisory lineage Upstream: 0 Downstream: 12
Analyzed
Published: 21 May 2024, 15:03
Last modified:11 May 2026, 13:53

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
<0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 May 2024, 15:03
Published
Vulnerability first disclosed
11 May 2026, 13:53
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release() method to free sugov_tunables The struct sugov_tunables is protected by the kobject, so we can't free it directly. Otherwise we would get a call trace like this: ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30 WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100 Modules linked in: CPU: 3 PID: 720 Comm: a.sh Tainted: G W 5.14.0-rc1-next-20210715-yocto-standard+ #507 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--) pc : debug_print_object+0xb8/0x100 lr : debug_print_object+0xb8/0x100 sp : ffff80001ecaf910 x29: ffff80001ecaf910 x28: ffff00011b10b8d0 x27: ffff800011043d80 x26: ffff00011a8f0000 x25: ffff800013cb3ff0 x24: 0000000000000000 x23: ffff80001142aa68 x22: ffff800011043d80 x21: ffff00010de46f20 x20: ffff800013c0c520 x19: ffff800011d8f5b0 x18: 0000000000000010 x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365 x14: 6a626f2029302065 x13: 303378302f307830 x12: 2b6e665f72656d69 x11: ffff8000124b1560 x10: ffff800012331520 x9 : ffff8000100ca6b0 x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 0000000000000001 x5 : ffff800011d8c000 x4 : ffff800011d8c740 x3 : 0000000000000000 x2 : ffff0001108301c0 x1 : ab3c90eedf9c0f00 x0 : 0000000000000000 Call trace: debug_print_object+0xb8/0x100 __debug_check_no_obj_freed+0x1c0/0x230 debug_check_no_obj_freed+0x20/0x88 slab_free_freelist_hook+0x154/0x1c8 kfree+0x114/0x5d0 sugov_exit+0xbc/0xc0 cpufreq_exit_governor+0x44/0x90 cpufreq_set_policy+0x268/0x4a8 store_scaling_governor+0xe0/0x128 store+0xc0/0xf0 sysfs_kf_write+0x54/0x80 kernfs_fop_write_iter+0x128/0x1c0 new_sync_write+0xf0/0x190 vfs_write+0x2d4/0x478 ksys_write+0x74/0x100 __arm64_sys_write+0x24/0x30 invoke_syscall.constprop.0+0x54/0xe0 do_el0_svc+0x64/0x158 el0_svc+0x2c/0xb0 el0t_64_sync_handler+0xb0/0xb8 el0t_64_sync+0x198/0x19c irq event stamp: 5518 hardirqs last enabled at (5517): [<ffff8000100cbd7c>] console_unlock+0x554/0x6c8 hardirqs last disabled at (5518): [<ffff800010fc0638>] el1_dbg+0x28/0xa0 softirqs last enabled at (5504): [<ffff8000100106e0>] __do_softirq+0x4d0/0x6c0 softirqs last disabled at (5483): [<ffff800010049548>] irq_exit+0x1b0/0x1b8 So split the original sugov_tunables_free() into two functions, sugov_clear_global_tunables() is just used to clear the global_tunables and the new sugov_tunables_free() is used as kobj_type::release to release the sugov_tunables safely.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-763Release of Invalid Pointer or Reference

    The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

Affected Systems

  • linuxlinux

    ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < cb4a53ba37532c861a5f3f22803391018a41849a | ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < 463c46705f321201090b69c4ad5da0cd2ce614c9 | ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < 30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c | ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < 67c98e023135ff81b8d52998a6fdb8ca0c518d82 | ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < a7d4fc84404d45d72f4490417e8cc3efa4af93f1 | ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < 8d62aec52a8c5b1d25a2364b243fcc5098a2ede9 | ≥ 9bdcb44e391da5c41b98573bf0305a0e0b1c9569, < e5c6b312ce3cc97e90ea159446e6bfa06645364d | 4.7

  • linuxlinux_kernel

    ≥ 4.7, < 4.9.285 | ≥ 4.10, < 4.14.249 | ≥ 4.15, < 4.19.209 | ≥ 4.20, < 5.4.151 | ≥ 5.5, < 5.10.71 | ≥ 5.11, < 5.14.10

References (7)