CVE-2021-47646: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-47646 affects the Linux kernel's block, bfq (Budget Fair Queueing) I/O scheduler component. The vulnerability was discovered when a crash was triggered in conjunction with commit 2d52c58b9c9b related to queue merges functionality. The issue was initially thought to be caused by the queue merges commit, but was later identified as a Use-After-Free (UAF) vulnerability introduced by a different commit (NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) issue in the Linux kernel's BFQ I/O scheduler. The problem occurred when handling queue merges in the block layer. The CVSS v3.1 base score is 7.8 (High) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability was triggered by a commit that exposed an underlying UAF condition, which was later fixed by commit d29bd41428cf that properly resets lastbfqqcreated on group change (NVD, Kernel Commit).

The vulnerability allows a local attacker with low privileges to potentially achieve high impacts on confidentiality, integrity, and availability of the system. Given the CVSS score and vector, successful exploitation could lead to privilege escalation or system crashes (NVD).

The vulnerability has been fixed in the Linux kernel through commit d29bd41428cf which properly resets lastbfqqcreated on group change. The fix was implemented by restoring the previously reverted commit 2d52c58b9c9b after addressing the underlying UAF issue (Kernel Commit).