CVE-2021-47048

EPSS 0.04%
Veröffentlicht 28.02.2024 09:15:40
Zuletzt bearbeitet 09.12.2024 19:05:02
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op

When handling op->addr, it is using the buffer "tmpbuf" which has been
freed. This will trigger a use-after-free KASAN warning. Let's use
temporary variables to store op->addr.val and op->cmd.opcode to fix
this issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10 < 5.10.37

Linux ≫ Linux Kernel Version >= 5.11 < 5.11.21

Linux ≫ Linux Kernel Version >= 5.12 < 5.12.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a

Patch

https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c

Patch

https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58

Patch

https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47048

EUVD