SB20240531128 - Use-after-free in Linux kernel sched

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2021-47209)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rq_of_rt_se() and rt_rq_of_se() functions in kernel/sched/rt.c, within the free_fair_sched_group() and unregister_fair_sched_group() functions in kernel/sched/fair.c, within the sched_free_group(), sched_online_group(), cpu_cgroup_css_released() and cpu_cgroup_css_free() functions in kernel/sched/core.c, within the autogroup_destroy() function in kernel/sched/autogroup.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/512e21c150c1c3ee298852660f3a796e267e62ec
• https://git.kernel.org/stable/c/b027789e5e50494c2325cc70c8642e7fd6059479
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.5
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16