CVE-2021-47479

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
22/05/2024
Last modified:
24/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix use-after-free in rtl8712_dl_fw

Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race condition between r871xu_dev_remove() ->ndo_open() callback.

It's easy to see from crash log, that driver accesses released firmware in ->ndo_open() callback. It may happen, since driver was releasing firmware _before_ unregistering netdev. Fix it by moving unregister_netdev() before cleaning up resources.

Call Trace:
...
rtl871x_open_fw drivers/staging/rtl8712/hal_init.c:83 [inline]
rtl8712_dl_fw+0xd95/0xe10 drivers/staging/rtl8712/hal_init.c:170
rtl8712_hal_init drivers/staging/rtl8712/hal_init.c:330 [inline]
rtl871x_hal_init+0xae/0x180 drivers/staging/rtl8712/hal_init.c:394
netdev_open+0xe6/0x6c0 drivers/staging/rtl8712/os_intfs.c:380
__dev_open+0x2bc/0x4d0 net/core/dev.c:1484

Freed by task 1306:
...
release_firmware+0x1b/0x30 drivers/base/firmware_loader/main.c:1053
r871xu_dev_remove+0xcc/0x2c0 drivers/staging/rtl8712/usb_intf.c:599
usb_unbind_interface+0x1d8/0x8d0 drivers/usb/core/driver.c:458
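The teardown ordering described above, as an added user-space model that is not the rtl8712 driver code or the upstream patch. All names (`model_dev`, `model_open`, `remove_before_fix`, `remove_after_fix`, `stale_accesses`) are hypothetical, and the racing `->ndo_open()` is simulated deterministically by calling it between the two teardown steps; a counter records the access instead of touching freed memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not the real driver structures. */
struct model_dev {
    bool netdev_registered;  /* while true, ->ndo_open() can still be invoked */
    bool fw_valid;           /* false once the firmware has been released */
    int  stale_fw_accesses;  /* opens that would have read released firmware */
};

/* Stands in for ->ndo_open(), whose firmware download path reads the blob. */
static int model_open(struct model_dev *d)
{
    if (!d->netdev_registered)
        return -1;               /* netdev is gone: open cannot run */
    if (!d->fw_valid) {
        d->stale_fw_accesses++;  /* the point where the use-after-free occurs */
        return -2;
    }
    return 0;
}

/* Ordering before the fix: firmware is released while the netdev is still
 * registered, so an open landing in the window sees released firmware. */
static void remove_before_fix(struct model_dev *d)
{
    d->fw_valid = false;           /* release_firmware() step */
    (void)model_open(d);           /* simulated concurrent open */
    d->netdev_registered = false;  /* unregister_netdev() step */
}

/* Ordering after the fix: unregister first, then clean up resources. */
static void remove_after_fix(struct model_dev *d)
{
    d->netdev_registered = false;  /* unregister_netdev() step */
    (void)model_open(d);           /* same simulated open, now rejected */
    d->fw_valid = false;           /* release_firmware() step */
}

/* Returns how many stale firmware accesses the simulated open causes. */
static int stale_accesses(bool fixed)
{
    struct model_dev d = { true, true, 0 };
    if (fixed) remove_after_fix(&d); else remove_before_fix(&d);
    return d.stale_fw_accesses;
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n", stale_accesses(false), stale_accesses(true));
    return 0;
}
```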

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.6 (including) | 3.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.3.1 (including) | 5.10.79 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.14.18 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:3.3:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:* | | |