{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T23:08:38.379","vulnerabilities":[{"cve":{"id":"CVE-2021-47577","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-06-19T15:15:52.223","lastModified":"2025-09-29T17:17:13.310","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check for wq exit after adding new worker task_work\n\nWe check IO_WQ_BIT_EXIT before attempting to create a new worker, and\nwq exit cancels pending work if we have any. But it's possible to have\na race between the two, where creation checks exit finding it not set,\nbut we're in the process of exiting. The exit side will cancel pending\ncreation task_work, but there's a gap where we add task_work after we've\ncanceled existing creations at exit time.\n\nFix this by checking the EXIT bit post adding the creation task_work.\nIf it's set, run the same cancelation that exit does."},{"lang":"es","value":"En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: io-wq: comprueba la salida de wq después de agregar un nuevo trabajador task_work Comprobamos IO_WQ_BIT_EXIT antes de intentar crear un nuevo trabajador, y wq exit cancela el trabajo pendiente si tenemos alguno. Pero es posible tener una carrera entre los dos, donde las comprobaciones de creación salen y descubren que no está configurado, pero estamos en el proceso de salir. El lado de salida cancelará la creación pendiente task_work, pero hay un espacio en el que agregamos task_work después de haber cancelado las creaciones existentes en el momento de la salida. Solucione este problema marcando la publicación del bit EXIT agregando la tarea de creación_trabajo. Si está configurado, ejecute la misma cancelación que realiza la salida."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.11","matchCriteriaId":"B271E1AF-BC45-4C3E-9614-055846520592"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*","matchCriteriaId":"357AA433-37E8-4323-BFB2-3038D6E4B414"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*","matchCriteriaId":"A73429BA-C2D9-4D0C-A75F-06A1CA8B3983"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*","matchCriteriaId":"F621B5E3-E99D-49E7-90B9-EC3B77C95383"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*","matchCriteriaId":"F7BFDCAA-1650-49AA-8462-407DD593F94F"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71a85387546e50b1a37b0fa45dadcae3bfb35cf6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}