CVE-2021-47195

EPSS 0.02%
Veröffentlicht 10.04.2024 19:15:47
Zuletzt bearbeitet 21.11.2024 06:35:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free of the add_lock mutex

Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
SPI buses") introduced a per-controller mutex. But mutex_unlock() of
said lock is called after the controller is already freed:

  spi_unregister_controller(ctlr)
  -> put_device(&ctlr->dev)
    -> spi_controller_release(dev)
  -> mutex_unlock(&ctrl->add_lock)

Move the put_device() after the mutex_unlock().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version > 5.15.0 < 5.15.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/11eab327a2a8bd36c38afbff920ae1bd45588dd4

https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d

Patch

https://git.kernel.org/stable/c/54c2c96eafcfd242e52e932ab54ace4784efe1dd

https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47195

EUVD