CVE-2021-47479

EPSS 0.02%
Veröffentlicht 22.05.2024 09:15:09
Zuletzt bearbeitet 24.09.2025 19:04:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix use-after-free in rtl8712_dl_fw

Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in
race condition between r871xu_dev_remove() ->ndo_open() callback.

It's easy to see from crash log, that driver accesses released firmware
in ->ndo_open() callback. It may happen, since driver was releasing
firmware _before_ unregistering netdev. Fix it by moving
unregister_netdev() before cleaning up resources.

Call Trace:
...
 rtl871x_open_fw drivers/staging/rtl8712/hal_init.c:83 [inline]
 rtl8712_dl_fw+0xd95/0xe10 drivers/staging/rtl8712/hal_init.c:170
 rtl8712_hal_init drivers/staging/rtl8712/hal_init.c:330 [inline]
 rtl871x_hal_init+0xae/0x180 drivers/staging/rtl8712/hal_init.c:394
 netdev_open+0xe6/0x6c0 drivers/staging/rtl8712/os_intfs.c:380
 __dev_open+0x2bc/0x4d0 net/core/dev.c:1484

Freed by task 1306:
...
 release_firmware+0x1b/0x30 drivers/base/firmware_loader/main.c:1053
 r871xu_dev_remove+0xcc/0x2c0 drivers/staging/rtl8712/usb_intf.c:599
 usb_unbind_interface+0x1d8/0x8d0 drivers/usb/core/driver.c:458

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.2.6 < 3.3

Linux ≫ Linux Kernel Version >= 3.3.1 < 5.10.79

Linux ≫ Linux Kernel Version >= 5.11 < 5.14.18

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.2

Linux ≫ Linux Kernel Version3.3 Update-

Linux ≫ Linux Kernel Version3.3 Updaterc4

Linux ≫ Linux Kernel Version3.3 Updaterc5

Linux ≫ Linux Kernel Version3.3 Updaterc6

Linux ≫ Linux Kernel Version3.3 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/a65c9afe9f2f55b7a7fb4a25ab654cd4139683a4

Patch

https://git.kernel.org/stable/c/befd23bd3b17f1a3f9c943a8580b47444c7c63ed

Patch

https://git.kernel.org/stable/c/c052cc1a069c3e575619cf64ec427eb41176ca70

Patch

https://git.kernel.org/stable/c/c430094541a80575259a94ff879063ef01473506

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47479

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47479

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47479

EUVD