CVE-2024-47118: 
IBM Db2 vulnerability analysis and mitigation

CVE-2021-47118 is a use-after-free vulnerability in the Linux kernel that affects the initialization of cad_pid. The vulnerability was discovered during fuzzing of Linux kernel version 5.13-rc3 with Syzkaller, though it has existed since the conversion of cad_pid to struct pid in version 2.6.19. The issue affects multiple versions of the Linux kernel from version 2.6.19 through various 5.x releases (NVD).

The vulnerability occurs during boot when kernelinitfreeable() initializes cad_pid to the init task's struct pid. When cad_pid is changed via sysctl, procdocadpid() increments the refcount on the new pid via getpid() and decrements the refcount on the old pid via putpid(). Since getpid() was never called during initialization, this leads to decrementing a reference that was never incremented, potentially freeing the init task's struct pid prematurely. This can result in dangling references to the struct pid and subsequent use-after-free conditions when delivering signals (NVD).

The vulnerability can lead to use-after-free conditions in the kernel, potentially causing system crashes or other undefined behavior when delivering signals. The CVSS v3.1 base score is 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high potential impact on system confidentiality, integrity, and availability (NVD).

The fix involves getting a reference to the init task's struct pid when assigning it to cad_pid during initialization. This has been addressed in various kernel versions through patches. Red Hat has included fixes in their kernel updates, such as kernel-rt version 4.18.0-553.5.1.rt7.346.el8_10 for Red Hat Enterprise Linux 8 (Red Hat Portal).