Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-46959

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
29/02/2024
Last modified:
10/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: Fix use-after-free with devm_spi_alloc_*<br /> <br /> We can&amp;#39;t rely on the contents of the devres list during<br /> spi_unregister_controller(), as the list is already torn down at the<br /> time we perform devres_find() for devm_spi_release_controller. This<br /> causes devices registered with devm_spi_alloc_{master,slave}() to be<br /> mistakenly identified as legacy, non-devm managed devices and have their<br /> reference counters decremented below 0.<br /> <br /> ------------[ cut here ]------------<br /> WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174<br /> [] (refcount_warn_saturate) from [] (kobject_put+0x90/0x98)<br /> [] (kobject_put) from [] (put_device+0x20/0x24)<br /> r4:b6700140<br /> [] (put_device) from [] (devm_spi_release_controller+0x3c/0x40)<br /> [] (devm_spi_release_controller) from [] (release_nodes+0x84/0xc4)<br /> r5:b6700180 r4:b6700100<br /> [] (release_nodes) from [] (devres_release_all+0x5c/0x60)<br /> r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10<br /> [] (devres_release_all) from [] (__device_release_driver+0x144/0x1ec)<br /> r5:b117ad94 r4:b163dc10<br /> [] (__device_release_driver) from [] (device_driver_detach+0x84/0xa0)<br /> r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10<br /> [] (device_driver_detach) from [] (unbind_store+0xe4/0xf8)<br /> <br /> Instead, determine the devm allocation state as a flag on the<br /> controller which is guaranteed to be stable during cleanup.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.4.248 (including) 4.4.271 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.9.248 (including) 4.9.271 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.14.212 (including) 4.14.233 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19.163 (including) 4.19.191 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.80 (including) 5.4.119 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10 (including) 5.10.37 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.11.21 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 5.12.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools