CVE-2021-47327

{"id": "CVE-2021-47327", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:19.757", "references": [{"url": "https://git.kernel.org/stable/c/1adf30f198c26539a62d761e45af72cde570413d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3761ae0d0e549f2acdaf11f49df4ed06d256b20f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c4007596fbdabc29f858dc2e1990858a146b60b2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fbf4daa6f4105e01fbd3868006f65c163365c1e3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fe92c058199067ae90cf2a901ddf3c271893557a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-911"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails\n\narm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the\nrefcount of the \"smmu\" even though the return value is less than 0.\n\nThe reference counting issue happens in some error handling paths of\narm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get()\nfails, the caller functions forget to decrease the refcount of \"smmu\"\nincreased by arm_smmu_rpm_get(), causing a refcount leak.\n\nFix this issue by calling pm_runtime_resume_and_get() instead of\npm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount\nbalanced in case of failure."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de refcount de arm_smmu_device cuando falla arm_smmu_rpm_get arm_smmu_rpm_get() invoca pm_runtime_get_sync(), lo que aumenta el refcount de \"smmu\" aunque el valor de retorno sea menor que 0. El problema del conteo de referencias ocurre en algunas rutas de manejo de errores de arm_smmu_rpm_get() en sus funciones de llamada. Cuando arm_smmu_rpm_get() falla, las funciones de la persona que llama se olvidan de disminuir el recuento de \"smmu\" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. Solucione este problema llamando a pm_runtime_resume_and_get() en lugar de pm_runtime_get_sync() en arm_smmu_rpm_get(), lo que puede mantener el recuento equilibrado en caso de fallo."}], "lastModified": "2024-07-03T01:37:39.993", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}