In the implementation of the futex (fast userspace mutex) system call, the use of stack memory after freeing was detected and eliminated. This, in turn, allowed the attacker to execute his code in the context of the kernel, with all the ensuing security implications. The vulnerability was in the error handler code.
Correction This vulnerability appeared in the Linux mainline on January 28 and the day before yesterday got into kernels 5.10.12, 5.4.94, 4.19.172, 4.14.218.
During the discussion of this patch, it was suggested that this vulnerability exists in all kernels since 2008:
https://www.openwall.com/lists/oss-security/2021/01/29/3
FWIW, this commit has: Fixes: 1b7558e457ed ("futexes: fix fault handling in futex_lock_pi") and that other commit is from 2008. So probably all currently maintained Linux distros and deployments are affected, unless something else mitigated the issue in some kernel versions .
Source: linux.org.ru