{"id":"CVE-2021-47517","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: do not perform operations on net devices being unregistered\n\nThere is a short period between a net device starts to be unregistered\nand when it is actually gone. In that time frame ethtool operations\ncould still be performed, which might end up in unwanted or undefined\nbehaviours[1].\n\nDo not allow ethtool operations after a net device starts its\nunregistration. This patch targets the netlink part as the ioctl one\nisn't affected: the reference to the net device is taken and the\noperation is executed within an rtnl lock section and the net device\nwon't be found after unregister.\n\n[1] For example adding Tx queues after unregister ends up in NULL\n    pointer exceptions and UaFs, such as:\n\n      BUG: KASAN: use-after-free in kobject_get+0x14/0x90\n      Read of size 1 at addr ffff88801961248c by task ethtool/755\n\n      CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778\n      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014\n      Call Trace:\n       dump_stack_lvl+0x57/0x72\n       print_address_description.constprop.0+0x1f/0x140\n       kasan_report.cold+0x7f/0x11b\n       kobject_get+0x14/0x90\n       kobject_add_internal+0x3d1/0x450\n       kobject_init_and_add+0xba/0xf0\n       netdev_queue_update_kobjects+0xcf/0x200\n       netif_set_real_num_tx_queues+0xb4/0x310\n       veth_set_channels+0x1c3/0x550\n       ethnl_set_channels+0x524/0x610","modified":"2026-03-14T11:19:13.595056Z","published":"2024-05-24T15:15:13.347Z","related":["SUSE-SU-2024:3190-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3483-1","SUSE-SU-2024:4120-1","SUSE-SU-2024:4122-1","SUSE-SU-2024:4123-1","SUSE-SU-2024:4124-1","SUSE-SU-2024:4125-1","SUSE-SU-2024:4127-1","SUSE-SU-2024:4128-1","SUSE-SU-2024:4141-1","SUSE-SU-2024:4160-1","SUSE-SU-2024:4206-1","SUSE-SU-2024:4207-1","SUSE-SU-2024:4214-1","SUSE-SU-2024:4216-1","SUSE-SU-2024:4218-1","SUSE-SU-2024:4220-1","SUSE-SU-2024:4227-1","SUSE-SU-2024:4228-1","SUSE-SU-2024:4240-1","SUSE-SU-2024:4243-1","SUSE-SU-2025:0114-1","SUSE-SU-2025:0115-1","SUSE-SU-2025:0138-1","SUSE-SU-2025:0146-1","SUSE-SU-2025:0158-1","SUSE-SU-2025:0164-1","SUSE-SU-2025:0181-1","SUSE-SU-2025:0252-1","SUSE-SU-2025:0253-1","SUSE-SU-2025:0254-1","SUSE-SU-2025:0260-1","SUSE-SU-2025:0266-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1241-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/7c26da3be1e9843a15b5318f90db8a564479d2ac"},{"type":"FIX","url":"https://git.kernel.org/stable/c/cfd719f04267108f5f5bf802b9d7de69e99a99f9"},{"type":"FIX","url":"https://git.kernel.org/stable/c/dde91ccfa25fd58f64c397d91b81a4b393100ffa"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.6"},{"fixed":"5.10.87"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.8"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47517.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}