CVEs-PoC/2021/CVE-2021-47125.md

### [CVE-2021-47125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47125)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=ae81feb7338c89cee4e6aa0424bdab2ce2b52da2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:sch_htb: fix refcount leak in htb_parent_to_leaf_offloadThe commit ae81feb7338c ("sch_htb: fix null pointer dereferenceon a null new_q") fixes a NULL pointer dereference bug, but itis not correct.Because htb_graft_helper properly handles the case when new_qis NULL, and after the previous patch by skipping this callwhich creates an inconsistency : dev_queue->qdisc will stillpoint to the old qdisc, but cl->parent->leaf.q will point tothe new one (which will be noop_qdisc, because new_q was NULL).The code is based on an assumption that these two pointers arethe same, so it can lead to refcount leaks.The correct fix is to add a NULL pointer check to protectqdisc_refcount_inc inside htb_parent_to_leaf_offload.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/NaInSec/CVE-LIST