CVE-2021-47195

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-47195
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock().

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/11eab327a2a8bd36c38afbff920ae1bd45588dd4
https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d Patch
https://git.kernel.org/stable/c/54c2c96eafcfd242e52e932ab54ace4784efe1dd
https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

17 Nov 2024, 15:15

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: corrige el use-after-free del mutex add_lock. El commit 6098475d4cb4 ("spi: corrige el punto muerto al agregar controladores SPI en buses SPI") introdujo un mutex por controlador. Pero mutex_unlock() de dicho bloqueo se llama después de que el controlador ya está liberado: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Mueva put_device() después el mutex_unlock().
References
  • () https://git.kernel.org/stable/c/11eab327a2a8bd36c38afbff920ae1bd45588dd4 -
  • () https://git.kernel.org/stable/c/54c2c96eafcfd242e52e932ab54ace4784efe1dd -

19 Apr 2024, 19:16

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d - () https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d - Patch
References () https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434 - () https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434 - Patch
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-416

10 Apr 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-10 19:15

Updated : 2024-11-17 15:15

NVD link : CVE-2021-47195

Mitre link : CVE-2021-47195

CVE.ORG link : CVE-2021-47195

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024