Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0471
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | N/A | Red Hat Enterprise Linux for x86_64 9 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Power, little endian 9 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Power, little endian 8 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux for IBM z Systems 8 s390x | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server - AUS 9.4 x86_64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for x86_64 8 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x | ||
| Red Hat | N/A | Red Hat Enterprise Linux for ARM 64 9 aarch64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time 9 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server - AUS 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time for NFV 8 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server - TUS 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.4 aarch64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for ARM 64 8 aarch64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x | ||
| Red Hat | N/A | Red Hat Enterprise Linux for IBM z Systems 9 s390x | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server - AUS 8.2 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for x86_64 8 x86_64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for x86_64 9 x86_64 | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time 8 x86_64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 | ||
| Red Hat | N/A | Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x | ||
| Red Hat | N/A | Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.4 s390x | ||
| Red Hat | N/A | Red Hat Enterprise Linux for Real Time for NFV 9 x86_64 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for x86_64 9 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 9 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 9.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 9 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 9 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.4 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 9 s390x",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 8.2 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 9 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 9 aarch64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.4 s390x",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 9 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0471",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": "2024-06-05",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:3618",
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"published_at": "2024-06-05",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:3627",
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"published_at": "2024-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:3529",
"url": "https://access.redhat.com/errata/RHSA-2024:3529"
},
{
"published_at": "2024-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:3528",
"url": "https://access.redhat.com/errata/RHSA-2024:3528"
},
{
"published_at": "2024-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:3530",
"url": "https://access.redhat.com/errata/RHSA-2024:3530"
},
{
"published_at": "2024-06-05",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:3619",
"url": "https://access.redhat.com/errata/RHSA-2024:3619"
}
]
}
CVE-2019-25162 (GCVE-0-2019-25162)
Vulnerability from cvelistv5 – Published: 2024-02-26 17:20 – Updated: 2026-05-11 13:41
VLAI
EPSS
Title
i2c: Fix a potential use after free
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: Fix a potential use after free
Free the adap structure only after we are done using it.
This patch just moves the put_device() down a bit to avoid the
use after free.
[wsa: added comment to the code, added Fixes tag]
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e6412ba3b6508bdf9c074d310bf4144afa6aec1a
(git)
Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 23a191b132cd87f746c62f3dc27da33683d85829 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 871a1e94929a27bf6e2cd99523865c840bbc2d87 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 81cb31756888bb062e92d2dca21cd629d77a46a9 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 35927d7509ab9bf41896b7e44f639504eae08af7 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e8e1a046cf87c8b1363e5de835114f2779e2aaf4 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 12b0606000d0828630c033bf0c74c748464fe87d (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e4c72c06c367758a14f227c847f9d623f1994ecf (git) |
|
| Linux | Linux |
Affected:
4.3
Unaffected: 0 , < 4.3 (semver) Unaffected: 4.14.291 , ≤ 4.14.* (semver) Unaffected: 4.19.256 , ≤ 4.19.* (semver) Unaffected: 5.4.211 , ≤ 5.4.* (semver) Unaffected: 5.10.137 , ≤ 5.10.* (semver) Unaffected: 5.15.61 , ≤ 5.15.* (semver) Unaffected: 5.18.18 , ≤ 5.18.* (semver) Unaffected: 5.19.2 , ≤ 5.19.* (semver) Unaffected: 6.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T18:51:49.719341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T18:51:57.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core-base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6412ba3b6508bdf9c074d310bf4144afa6aec1a",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "23a191b132cd87f746c62f3dc27da33683d85829",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "871a1e94929a27bf6e2cd99523865c840bbc2d87",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "81cb31756888bb062e92d2dca21cd629d77a46a9",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "35927d7509ab9bf41896b7e44f639504eae08af7",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "e8e1a046cf87c8b1363e5de835114f2779e2aaf4",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "12b0606000d0828630c033bf0c74c748464fe87d",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
},
{
"lessThan": "e4c72c06c367758a14f227c847f9d623f1994ecf",
"status": "affected",
"version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core-base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.256",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.137",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.291",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.256",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.211",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.137",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.61",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.18",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.2",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:41:57.983Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
},
{
"url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
},
{
"url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
},
{
"url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
},
{
"url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
},
{
"url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
},
{
"url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
},
{
"url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
}
],
"title": "i2c: Fix a potential use after free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2019-25162",
"datePublished": "2024-02-26T17:20:20.846Z",
"dateReserved": "2024-02-26T17:07:20.465Z",
"dateUpdated": "2026-05-11T13:41:57.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36777 (GCVE-0-2020-36777)
Vulnerability from cvelistv5 – Published: 2024-02-27 18:40 – Updated: 2026-05-11 13:42
VLAI
EPSS
Title
media: dvbdev: Fix memory leak in dvb_media_device_free()
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: dvbdev: Fix memory leak in dvb_media_device_free()
dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`
before setting it to NULL, as documented in include/media/media-device.h:
"The media_entity instance itself must be freed explicitly by the driver
if required."
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 06854b943e0571ccbd7ad0a529babed1a98ff275
(git)
Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 32168ca1f123316848fffb85d059860adf3c409f (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < cd89f79be5d553c78202f686e8e4caa5fbe94e98 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 9185b3b1c143b8da409c19ac5a785aa18d67a81b (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 43263fd43083e412311fa764cd04a727b0c6a749 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 9ad15e214fcd73694ea51967d86055f47b802066 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < cede24d13be6c2a62be6d7ceea63c2719b0cfa82 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < bf9a40ae8d722f281a2721779595d6df1c33a0bf (git) |
|
| Linux | Linux |
Affected:
4.5
Unaffected: 0 , < 4.5 (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.118 , ≤ 5.4.* (semver) Unaffected: 5.10.36 , ≤ 5.10.* (semver) Unaffected: 5.11.20 , ≤ 5.11.* (semver) Unaffected: 5.12.3 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T16:40:26.925342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:13.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06854b943e0571ccbd7ad0a529babed1a98ff275",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "32168ca1f123316848fffb85d059860adf3c409f",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "cd89f79be5d553c78202f686e8e4caa5fbe94e98",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "9185b3b1c143b8da409c19ac5a785aa18d67a81b",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "43263fd43083e412311fa764cd04a727b0c6a749",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "9ad15e214fcd73694ea51967d86055f47b802066",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "cede24d13be6c2a62be6d7ceea63c2719b0cfa82",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
},
{
"lessThan": "bf9a40ae8d722f281a2721779595d6df1c33a0bf",
"status": "affected",
"version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/dvb-core/dvbdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.269",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.233",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.191",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.118",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.36",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.20",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: Fix memory leak in dvb_media_device_free()\n\ndvb_media_device_free() is leaking memory. Free `dvbdev-\u003eadapter-\u003econn`\nbefore setting it to NULL, as documented in include/media/media-device.h:\n\"The media_entity instance itself must be freed explicitly by the driver\nif required.\""
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:42:41.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275"
},
{
"url": "https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f"
},
{
"url": "https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98"
},
{
"url": "https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b"
},
{
"url": "https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749"
},
{
"url": "https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066"
},
{
"url": "https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82"
},
{
"url": "https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf"
}
],
"title": "media: dvbdev: Fix memory leak in dvb_media_device_free()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2020-36777",
"datePublished": "2024-02-27T18:40:26.245Z",
"dateReserved": "2024-02-26T17:07:27.434Z",
"dateUpdated": "2026-05-11T13:42:41.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-46934 (GCVE-0-2021-46934)
Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2026-05-11 13:44
VLAI
EPSS
Title
i2c: validate user data in compat ioctl
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: validate user data in compat ioctl
Wrong user data may cause warning in i2c_transfer(), ex: zero msgs.
Userspace should not be able to trigger warnings, so this patch adds
validation checks for user data in compact ioctl to prevent reported
warnings
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 407c8708fb1bf2d4afc5337ef50635cf540c364b
(git)
Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 9e4a3f47eff476097e0c7faac04d1831fc70237d (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 8d31cbab4c295d7010ebb729e9d02d0e9cece18f (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < f68599581067e8a5a8901ba9eb270b4519690e26 (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < bb436283e25aaf1533ce061605d23a9564447bdf (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:18:35.081460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:06.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "407c8708fb1bf2d4afc5337ef50635cf540c364b",
"status": "affected",
"version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
"versionType": "git"
},
{
"lessThan": "9e4a3f47eff476097e0c7faac04d1831fc70237d",
"status": "affected",
"version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
"versionType": "git"
},
{
"lessThan": "8d31cbab4c295d7010ebb729e9d02d0e9cece18f",
"status": "affected",
"version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
"versionType": "git"
},
{
"lessThan": "f68599581067e8a5a8901ba9eb270b4519690e26",
"status": "affected",
"version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
"versionType": "git"
},
{
"lessThan": "bb436283e25aaf1533ce061605d23a9564447bdf",
"status": "affected",
"version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.170",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.224",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.170",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.90",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:44:43.916Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"
},
{
"url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"
},
{
"url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"
},
{
"url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"
},
{
"url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"
}
],
"title": "i2c: validate user data in compat ioctl",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46934",
"datePublished": "2024-02-27T09:44:01.411Z",
"dateReserved": "2024-02-25T13:45:52.720Z",
"dateUpdated": "2026-05-11T13:44:43.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47013 (GCVE-0-2021-47013)
Vulnerability from cvelistv5 – Published: 2024-02-28 08:13 – Updated: 2026-05-11 13:46
VLAI
EPSS
Title
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
Summary
In the Linux kernel, the following vulnerability has been resolved:
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).
If some error happens in emac_tx_fill_tpd(), the skb will be freed via
dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().
But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).
As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,
thus my patch assigns skb->len to 'len' before the possible free and
use 'len' instead of skb->len later.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < c7f75d11fe72913d2619f97b2334b083cd7bb955
(git)
Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < dc1b438a35773d030be0ee80d9c635c3e558a322 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 16d8c44be52e3650917736d45f5904384a9da834 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 55fcdd1258faaecca74b91b88cc0921f9edd775d (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 9dc373f74097edd0e35f3393d6248eda8d1ba99d (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 8c06f34785068b87e2b560534c77c163d6c6dca7 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < e407495ba6788a67d1bd41714158c079e340879b (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (git) |
|
| Linux | Linux |
Affected:
4.9
Unaffected: 0 , < 4.9 (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.119 , ≤ 5.4.* (semver) Unaffected: 5.10.37 , ≤ 5.10.* (semver) Unaffected: 5.11.21 , ≤ 5.11.* (semver) Unaffected: 5.12.4 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T19:56:27.719807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:43.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/emac/emac-mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7f75d11fe72913d2619f97b2334b083cd7bb955",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "dc1b438a35773d030be0ee80d9c635c3e558a322",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "16d8c44be52e3650917736d45f5904384a9da834",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "55fcdd1258faaecca74b91b88cc0921f9edd775d",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "9dc373f74097edd0e35f3393d6248eda8d1ba99d",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "8c06f34785068b87e2b560534c77c163d6c6dca7",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "e407495ba6788a67d1bd41714158c079e340879b",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
},
{
"lessThan": "6d72e7c767acbbdd44ebc7d89c6690b405b32b57",
"status": "affected",
"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qualcomm/emac/emac-mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.269",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.233",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.191",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.119",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.37",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.21",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.4",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb-\u003elen by netdev_sent_queue(,skb-\u003elen).\n\nAs i observed that emac_tx_fill_tpd() haven\u0027t modified the value of skb-\u003elen,\nthus my patch assigns skb-\u003elen to \u0027len\u0027 before the possible free and\nuse \u0027len\u0027 instead of skb-\u003elen later."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:46:16.357Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"
},
{
"url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"
},
{
"url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"
},
{
"url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"
},
{
"url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"
},
{
"url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"
},
{
"url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"
},
{
"url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"
}
],
"title": "net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47013",
"datePublished": "2024-02-28T08:13:30.905Z",
"dateReserved": "2024-02-27T18:42:55.953Z",
"dateUpdated": "2026-05-11T13:46:16.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47055 (GCVE-0-2021-47055)
Vulnerability from cvelistv5 – Published: 2024-02-29 22:37 – Updated: 2026-05-23 15:19
VLAI
EPSS
Title
mtd: require write permissions for locking and badblock ioctls
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: require write permissions for locking and badblock ioctls
MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
write permission. Depending on the hardware MEMLOCK might even be
write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK
is always write-once.
MEMSETBADBLOCK modifies the bad block table.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1c9f9125892a43901438bf704ada6b7019e2a884 , < f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf
(git)
Affected: 583d42400532fbd6228b0254d7c732b771e4750d , < 9625b00cac6630479c0ff4b9fafa88bee636e1f0 (git) Affected: 389c74c218d3b182e9cd767e98cee0e0fd0dabaa , < f73b29819c6314c0ba8b7d5892dfb03487424bee (git) Affected: ab1a602a9cea98aa37b2e6851b168d2a2633a58d , < 75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37 (git) Affected: 9a53e8bd59d9f070505e51d3fd19606a270e6b93 , < 5880afefe0cb9b2d5e801816acd58bfe91a96981 (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < 7b6552719c0ccbbea29dde4be141da54fdb5877e (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < 077259f5e777c3c8821f6b41dee709fcda27306b (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < a08799d3e8c8088640956237c183f83463c39668 (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < 1e97743fd180981bef5f01402342bb54bf1c6366 (git) Affected: 36a8b2f49235e63ab3f901fe12e1b6732f075c2e (git) Affected: eb3d82abc335624a5e8ecfb75aba0b684e2dc4db (git) Affected: 4.4.233 , < 4.4.269 (semver) Affected: 4.9.233 , < 4.9.269 (semver) Affected: 4.14.194 , < 4.14.233 (semver) Affected: 4.19.139 , < 4.19.191 (semver) Affected: 5.4.58 , < 5.4.119 (semver) Affected: 5.7.15 , < 5.8 (semver) Affected: 5.8.1 , < 5.9 (semver) |
|
| Linux | Linux |
Affected:
5.9
Unaffected: 0 , < 5.9 (semver) Unaffected: 4.4.269 , ≤ 4.4.* (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.119 , ≤ 5.4.* (semver) Unaffected: 5.10.37 , ≤ 5.10.* (semver) Unaffected: 5.11.21 , ≤ 5.11.* (semver) Unaffected: 5.12.4 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T15:53:21.546664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:55.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/mtdchar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf",
"status": "affected",
"version": "1c9f9125892a43901438bf704ada6b7019e2a884",
"versionType": "git"
},
{
"lessThan": "9625b00cac6630479c0ff4b9fafa88bee636e1f0",
"status": "affected",
"version": "583d42400532fbd6228b0254d7c732b771e4750d",
"versionType": "git"
},
{
"lessThan": "f73b29819c6314c0ba8b7d5892dfb03487424bee",
"status": "affected",
"version": "389c74c218d3b182e9cd767e98cee0e0fd0dabaa",
"versionType": "git"
},
{
"lessThan": "75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37",
"status": "affected",
"version": "ab1a602a9cea98aa37b2e6851b168d2a2633a58d",
"versionType": "git"
},
{
"lessThan": "5880afefe0cb9b2d5e801816acd58bfe91a96981",
"status": "affected",
"version": "9a53e8bd59d9f070505e51d3fd19606a270e6b93",
"versionType": "git"
},
{
"lessThan": "7b6552719c0ccbbea29dde4be141da54fdb5877e",
"status": "affected",
"version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
"versionType": "git"
},
{
"lessThan": "077259f5e777c3c8821f6b41dee709fcda27306b",
"status": "affected",
"version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
"versionType": "git"
},
{
"lessThan": "a08799d3e8c8088640956237c183f83463c39668",
"status": "affected",
"version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
"versionType": "git"
},
{
"lessThan": "1e97743fd180981bef5f01402342bb54bf1c6366",
"status": "affected",
"version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
"versionType": "git"
},
{
"status": "affected",
"version": "36a8b2f49235e63ab3f901fe12e1b6732f075c2e",
"versionType": "git"
},
{
"status": "affected",
"version": "eb3d82abc335624a5e8ecfb75aba0b684e2dc4db",
"versionType": "git"
},
{
"lessThan": "4.4.269",
"status": "affected",
"version": "4.4.233",
"versionType": "semver"
},
{
"lessThan": "4.9.269",
"status": "affected",
"version": "4.9.233",
"versionType": "semver"
},
{
"lessThan": "4.14.233",
"status": "affected",
"version": "4.14.194",
"versionType": "semver"
},
{
"lessThan": "4.19.191",
"status": "affected",
"version": "4.19.139",
"versionType": "semver"
},
{
"lessThan": "5.4.119",
"status": "affected",
"version": "5.4.58",
"versionType": "semver"
},
{
"lessThan": "5.8",
"status": "affected",
"version": "5.7.15",
"versionType": "semver"
},
{
"lessThan": "5.9",
"status": "affected",
"version": "5.8.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/mtdchar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.269",
"versionStartIncluding": "4.4.233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.269",
"versionStartIncluding": "4.9.233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.233",
"versionStartIncluding": "4.14.194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.191",
"versionStartIncluding": "4.19.139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.119",
"versionStartIncluding": "5.4.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.37",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.21",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.4",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: require write permissions for locking and badblock ioctls\n\nMEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require\nwrite permission. Depending on the hardware MEMLOCK might even be\nwrite-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK\nis always write-once.\n\nMEMSETBADBLOCK modifies the bad block table."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:19:10.230Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf"
},
{
"url": "https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0"
},
{
"url": "https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee"
},
{
"url": "https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37"
},
{
"url": "https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981"
},
{
"url": "https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e"
},
{
"url": "https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b"
},
{
"url": "https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668"
},
{
"url": "https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366"
}
],
"title": "mtd: require write permissions for locking and badblock ioctls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47055",
"datePublished": "2024-02-29T22:37:30.071Z",
"dateReserved": "2024-02-29T22:33:44.293Z",
"dateUpdated": "2026-05-23T15:19:10.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47118 (GCVE-0-2021-47118)
Vulnerability from cvelistv5 – Published: 2024-03-15 20:14 – Updated: 2026-05-11 13:48
VLAI
EPSS
Title
pid: take a reference when initializing `cad_pid`
Summary
In the Linux kernel, the following vulnerability has been resolved:
pid: take a reference when initializing `cad_pid`
During boot, kernel_init_freeable() initializes `cad_pid` to the init
task's struct pid. Later on, we may change `cad_pid` via a sysctl, and
when this happens proc_do_cad_pid() will increment the refcount on the
new pid via get_pid(), and will decrement the refcount on the old pid
via put_pid(). As we never called get_pid() when we initialized
`cad_pid`, we decrement a reference we never incremented, can therefore
free the init task's struct pid early. As there can be dangling
references to the struct pid, we can later encounter a use-after-free
(e.g. when delivering signals).
This was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to
have been around since the conversion of `cad_pid` to struct pid in
commit 9ec52099e4b8 ("[PATCH] replace cad_pid by a struct pid") from the
pre-KASAN stone age of v2.6.19.
Fix this by getting a reference to the init task's struct pid when we
assign it to `cad_pid`.
Full KASAN splat below.
==================================================================
BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline]
BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509
Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273
CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1
Hardware name: linux,dummy-virt (DT)
Call trace:
ns_of_pid include/linux/pid.h:153 [inline]
task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509
do_notify_parent+0x308/0xe60 kernel/signal.c:1950
exit_notify kernel/exit.c:682 [inline]
do_exit+0x2334/0x2bd0 kernel/exit.c:845
do_group_exit+0x108/0x2c8 kernel/exit.c:922
get_signal+0x4e4/0x2a88 kernel/signal.c:2781
do_signal arch/arm64/kernel/signal.c:882 [inline]
do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936
work_pending+0xc/0x2dc
Allocated by task 0:
slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516
slab_alloc_node mm/slub.c:2907 [inline]
slab_alloc mm/slub.c:2915 [inline]
kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920
alloc_pid+0xdc/0xc00 kernel/pid.c:180
copy_process+0x2794/0x5e18 kernel/fork.c:2129
kernel_clone+0x194/0x13c8 kernel/fork.c:2500
kernel_thread+0xd4/0x110 kernel/fork.c:2552
rest_init+0x44/0x4a0 init/main.c:687
arch_call_rest_init+0x1c/0x28
start_kernel+0x520/0x554 init/main.c:1064
0x0
Freed by task 270:
slab_free_hook mm/slub.c:1562 [inline]
slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600
slab_free mm/slub.c:3161 [inline]
kmem_cache_free+0x224/0x8e0 mm/slub.c:3177
put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114
put_pid+0x30/0x48 kernel/pid.c:109
proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401
proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591
proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617
call_write_iter include/linux/fs.h:1977 [inline]
new_sync_write+0x3ac/0x510 fs/read_write.c:518
vfs_write fs/read_write.c:605 [inline]
vfs_write+0x9c4/0x1018 fs/read_write.c:585
ksys_write+0x124/0x240 fs/read_write.c:658
__do_sys_write fs/read_write.c:670 [inline]
__se_sys_write fs/read_write.c:667 [inline]
__arm64_sys_write+0x78/0xb0 fs/read_write.c:667
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129
do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168
el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416
el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432
el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701
The buggy address belongs to the object at ffff23794dda0000
which belongs to the cache pid of size 224
The buggy address is located 4 bytes inside of
224-byte region [ff
---truncated---
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 764c2e892d1fe895392aff62fb353fdce43bb529
(git)
Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < f86c80515a8a3703e0ca2e56deb50fc2879c5ea4 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 4dbd8808a591b49b717862e6e0081bcf14a87788 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < d106f05432e60f9f62d456ef017687f5c73cb414 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 7178be006d495ffb741c329012da289b62dddfe6 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < b8ff869f20152fbe66b6c2e2715d26a2f9897cca (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f (git) |
|
| Linux | Linux |
Affected:
2.6.19
Unaffected: 0 , < 2.6.19 (semver) Unaffected: 4.4.272 , ≤ 4.4.* (semver) Unaffected: 4.9.272 , ≤ 4.9.* (semver) Unaffected: 4.14.236 , ≤ 4.14.* (semver) Unaffected: 4.19.194 , ≤ 4.19.* (semver) Unaffected: 5.4.125 , ≤ 5.4.* (semver) Unaffected: 5.10.43 , ≤ 5.10.* (semver) Unaffected: 5.12.10 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:32.497500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:25.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"init/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "764c2e892d1fe895392aff62fb353fdce43bb529",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "f86c80515a8a3703e0ca2e56deb50fc2879c5ea4",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "4dbd8808a591b49b717862e6e0081bcf14a87788",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "d106f05432e60f9f62d456ef017687f5c73cb414",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "7178be006d495ffb741c329012da289b62dddfe6",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "b8ff869f20152fbe66b6c2e2715d26a2f9897cca",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
},
{
"lessThan": "0711f0d7050b9e07c44bc159bbc64ac0a1022c7f",
"status": "affected",
"version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"init/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.19"
},
{
"lessThan": "2.6.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.236",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.194",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.272",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.272",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.236",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.194",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.125",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.43",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.10",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: take a reference when initializing `cad_pid`\n\nDuring boot, kernel_init_freeable() initializes `cad_pid` to the init\ntask\u0027s struct pid. Later on, we may change `cad_pid` via a sysctl, and\nwhen this happens proc_do_cad_pid() will increment the refcount on the\nnew pid via get_pid(), and will decrement the refcount on the old pid\nvia put_pid(). As we never called get_pid() when we initialized\n`cad_pid`, we decrement a reference we never incremented, can therefore\nfree the init task\u0027s struct pid early. As there can be dangling\nreferences to the struct pid, we can later encounter a use-after-free\n(e.g. when delivering signals).\n\nThis was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to\nhave been around since the conversion of `cad_pid` to struct pid in\ncommit 9ec52099e4b8 (\"[PATCH] replace cad_pid by a struct pid\") from the\npre-KASAN stone age of v2.6.19.\n\nFix this by getting a reference to the init task\u0027s struct pid when we\nassign it to `cad_pid`.\n\nFull KASAN splat below.\n\n ==================================================================\n BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline]\n BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273\n\n CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n ns_of_pid include/linux/pid.h:153 [inline]\n task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n do_notify_parent+0x308/0xe60 kernel/signal.c:1950\n exit_notify kernel/exit.c:682 [inline]\n do_exit+0x2334/0x2bd0 kernel/exit.c:845\n do_group_exit+0x108/0x2c8 kernel/exit.c:922\n get_signal+0x4e4/0x2a88 kernel/signal.c:2781\n do_signal arch/arm64/kernel/signal.c:882 [inline]\n do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936\n work_pending+0xc/0x2dc\n\n Allocated by task 0:\n slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516\n slab_alloc_node mm/slub.c:2907 [inline]\n slab_alloc mm/slub.c:2915 [inline]\n kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920\n alloc_pid+0xdc/0xc00 kernel/pid.c:180\n copy_process+0x2794/0x5e18 kernel/fork.c:2129\n kernel_clone+0x194/0x13c8 kernel/fork.c:2500\n kernel_thread+0xd4/0x110 kernel/fork.c:2552\n rest_init+0x44/0x4a0 init/main.c:687\n arch_call_rest_init+0x1c/0x28\n start_kernel+0x520/0x554 init/main.c:1064\n 0x0\n\n Freed by task 270:\n slab_free_hook mm/slub.c:1562 [inline]\n slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600\n slab_free mm/slub.c:3161 [inline]\n kmem_cache_free+0x224/0x8e0 mm/slub.c:3177\n put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114\n put_pid+0x30/0x48 kernel/pid.c:109\n proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401\n proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591\n proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617\n call_write_iter include/linux/fs.h:1977 [inline]\n new_sync_write+0x3ac/0x510 fs/read_write.c:518\n vfs_write fs/read_write.c:605 [inline]\n vfs_write+0x9c4/0x1018 fs/read_write.c:585\n ksys_write+0x124/0x240 fs/read_write.c:658\n __do_sys_write fs/read_write.c:670 [inline]\n __se_sys_write fs/read_write.c:667 [inline]\n __arm64_sys_write+0x78/0xb0 fs/read_write.c:667\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]\n el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129\n do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168\n el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416\n el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432\n el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701\n\n The buggy address belongs to the object at ffff23794dda0000\n which belongs to the cache pid of size 224\n The buggy address is located 4 bytes inside of\n 224-byte region [ff\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:48:23.853Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529"
},
{
"url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4"
},
{
"url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788"
},
{
"url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414"
},
{
"url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff"
},
{
"url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6"
},
{
"url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca"
},
{
"url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f"
}
],
"title": "pid: take a reference when initializing `cad_pid`",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47118",
"datePublished": "2024-03-15T20:14:25.116Z",
"dateReserved": "2024-03-04T18:12:48.838Z",
"dateUpdated": "2026-05-11T13:48:23.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47153 (GCVE-0-2021-47153)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2026-05-11 13:49
VLAI
EPSS
Title
i2c: i801: Don't generate an interrupt on bus reset
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Don't generate an interrupt on bus reset
Now that the i2c-i801 driver supports interrupts, setting the KILL bit
in a attempt to recover from a timed out transaction triggers an
interrupt. Unfortunately, the interrupt handler (i801_isr) is not
prepared for this situation and will try to process the interrupt as
if it was signaling the end of a successful transaction. In the case
of a block transaction, this can result in an out-of-range memory
access.
This condition was reproduced several times by syzbot:
https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79
So disable interrupts while trying to reset the bus. Interrupts will
be enabled again for the following transaction.
Severity
6 (Medium)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
636752bcb5177a301d0266270661581de8624828 , < f9469082126cebb7337db3992d143f5e4edfe629
(git)
Affected: 636752bcb5177a301d0266270661581de8624828 , < 09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < dfa8929e117b0228a7765f5c3f5988a4a028f3c6 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < c70e1ba2e7e65255a0ce004f531dd90dada97a8c (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 04cc05e3716ae31b17ecdab7bc55c8170def1b8b (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < b523feb7e8e44652f92f3babb953a976e7ccbbef (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 1f583d3813f204449037cd2acbfc09168171362a (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < e4d8716c3dcec47f1557024add24e1f3c09eb24b (git) |
|
| Linux | Linux |
Affected:
3.6
Unaffected: 0 , < 3.6 (semver) Unaffected: 4.4.271 , ≤ 4.4.* (semver) Unaffected: 4.9.271 , ≤ 4.9.* (semver) Unaffected: 4.14.235 , ≤ 4.14.* (semver) Unaffected: 4.19.193 , ≤ 4.19.* (semver) Unaffected: 5.4.124 , ≤ 5.4.* (semver) Unaffected: 5.10.42 , ≤ 5.10.* (semver) Unaffected: 5.12.9 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T19:20:15.941507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:55:32.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f9469082126cebb7337db3992d143f5e4edfe629",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "dfa8929e117b0228a7765f5c3f5988a4a028f3c6",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "c70e1ba2e7e65255a0ce004f531dd90dada97a8c",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "04cc05e3716ae31b17ecdab7bc55c8170def1b8b",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "b523feb7e8e44652f92f3babb953a976e7ccbbef",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "1f583d3813f204449037cd2acbfc09168171362a",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "e4d8716c3dcec47f1557024add24e1f3c09eb24b",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Don\u0027t generate an interrupt on bus reset\n\nNow that the i2c-i801 driver supports interrupts, setting the KILL bit\nin a attempt to recover from a timed out transaction triggers an\ninterrupt. Unfortunately, the interrupt handler (i801_isr) is not\nprepared for this situation and will try to process the interrupt as\nif it was signaling the end of a successful transaction. In the case\nof a block transaction, this can result in an out-of-range memory\naccess.\n\nThis condition was reproduced several times by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e\nhttps://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e\nhttps://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e\nhttps://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb\nhttps://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a\nhttps://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79\n\nSo disable interrupts while trying to reset the bus. Interrupts will\nbe enabled again for the following transaction."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:49:04.607Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629"
},
{
"url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3"
},
{
"url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6"
},
{
"url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c"
},
{
"url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b"
},
{
"url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef"
},
{
"url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a"
},
{
"url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b"
}
],
"title": "i2c: i801: Don\u0027t generate an interrupt on bus reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47153",
"datePublished": "2024-03-25T09:07:47.873Z",
"dateReserved": "2024-03-04T18:12:48.846Z",
"dateUpdated": "2026-05-11T13:49:04.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47171 (GCVE-0-2021-47171)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2026-05-11 13:49
VLAI
EPSS
Title
net: usb: fix memory leak in smsc75xx_bind
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: fix memory leak in smsc75xx_bind
Syzbot reported memory leak in smsc75xx_bind().
The problem was is non-freed memory in case of
errors after memory allocation.
backtrace:
[<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
[<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
[<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
[<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d0cad871703b898a442e4049c532ec39168e5b57 , < 200dbfcad8011e50c3cec269ed7b980836eeb1fa
(git)
Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 22c840596af0c09068b6cf948616e6496e59e07f (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 9e6a3eccb28779710cbbafc4f4258d92509c6d07 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < b95fb96e6339e34694dd578fb6bde3575b01af17 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 635ac38b36255d3cfb8312cf7c471334f4d537e0 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 70c886ac93f87ae7214a0c69151a28a8075dd95b (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 46a8b29c6306d8bbfd92b614ef65a47c900d8e70 (git) |
|
| Linux | Linux |
Affected:
2.6.34
Unaffected: 0 , < 2.6.34 (semver) Unaffected: 4.4.271 , ≤ 4.4.* (semver) Unaffected: 4.9.271 , ≤ 4.9.* (semver) Unaffected: 4.14.235 , ≤ 4.14.* (semver) Unaffected: 4.19.193 , ≤ 4.19.* (semver) Unaffected: 5.4.124 , ≤ 5.4.* (semver) Unaffected: 5.10.42 , ≤ 5.10.* (semver) Unaffected: 5.12.9 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:28.610486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/smsc75xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "200dbfcad8011e50c3cec269ed7b980836eeb1fa",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "22c840596af0c09068b6cf948616e6496e59e07f",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "9e6a3eccb28779710cbbafc4f4258d92509c6d07",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "b95fb96e6339e34694dd578fb6bde3575b01af17",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "635ac38b36255d3cfb8312cf7c471334f4d537e0",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "70c886ac93f87ae7214a0c69151a28a8075dd95b",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "46a8b29c6306d8bbfd92b614ef65a47c900d8e70",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/smsc75xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix memory leak in smsc75xx_bind\n\nSyzbot reported memory leak in smsc75xx_bind().\nThe problem was is non-freed memory in case of\nerrors after memory allocation.\n\nbacktrace:\n [\u003cffffffff84245b62\u003e] kmalloc include/linux/slab.h:556 [inline]\n [\u003cffffffff84245b62\u003e] kzalloc include/linux/slab.h:686 [inline]\n [\u003cffffffff84245b62\u003e] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460\n [\u003cffffffff82b5b2e6\u003e] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:49:21.036Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
},
{
"url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
},
{
"url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
},
{
"url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
},
{
"url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
},
{
"url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
},
{
"url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
},
{
"url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
}
],
"title": "net: usb: fix memory leak in smsc75xx_bind",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47171",
"datePublished": "2024-03-25T09:16:22.993Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2026-05-11T13:49:21.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47185 (GCVE-0-2021-47185)
Vulnerability from cvelistv5 – Published: 2024-04-10 18:56 – Updated: 2026-05-11 13:49
VLAI
EPSS
Title
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,
which look like this one:
Workqueue: events_unbound flush_to_ldisc
Call trace:
dump_backtrace+0x0/0x1ec
show_stack+0x24/0x30
dump_stack+0xd0/0x128
panic+0x15c/0x374
watchdog_timer_fn+0x2b8/0x304
__run_hrtimer+0x88/0x2c0
__hrtimer_run_queues+0xa4/0x120
hrtimer_interrupt+0xfc/0x270
arch_timer_handler_phys+0x40/0x50
handle_percpu_devid_irq+0x94/0x220
__handle_domain_irq+0x88/0xf0
gic_handle_irq+0x84/0xfc
el1_irq+0xc8/0x180
slip_unesc+0x80/0x214 [slip]
tty_ldisc_receive_buf+0x64/0x80
tty_port_default_receive_buf+0x50/0x90
flush_to_ldisc+0xbc/0x110
process_one_work+0x1d4/0x4b0
worker_thread+0x180/0x430
kthread+0x11c/0x120
In the testcase pty04, The first process call the write syscall to send
data to the pty master. At the same time, the workqueue will do the
flush_to_ldisc to pop data in a loop until there is no more data left.
When the sender and workqueue running in different core, the sender sends
data fastly in full time which will result in workqueue doing work in loop
for a long time and occuring softlockup in flush_to_ldisc with kernel
configured without preempt. So I add need_resched check and cond_resched
in the flush_to_ldisc loop to avoid it.
Severity
4.4 (Medium)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 0380f643f3a7a61b0845cdc738959c2ad5735d61
(git)
Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 4c1623651a0936ee197859824cdae6ebbd04d3ed (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 4f300f47dbcf9c3d4b2ea76c8554c8f360400725 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < d491c84df5c469dd9621863b6a770b3428137063 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 5c34486f04700f1ba04907231dce0cc2705c2d7d (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 3968ddcf05fb4b9409cd1859feb06a5b0550a1c1 (git) |
|
| Linux | Linux |
Affected:
3.0
Unaffected: 0 , < 3.0 (semver) Unaffected: 4.4.293 , ≤ 4.4.* (semver) Unaffected: 4.9.291 , ≤ 4.9.* (semver) Unaffected: 4.14.256 , ≤ 4.14.* (semver) Unaffected: 4.19.218 , ≤ 4.19.* (semver) Unaffected: 5.4.162 , ≤ 5.4.* (semver) Unaffected: 5.10.82 , ≤ 5.10.* (semver) Unaffected: 5.15.5 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T14:53:32.237242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:14:51.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0380f643f3a7a61b0845cdc738959c2ad5735d61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c1623651a0936ee197859824cdae6ebbd04d3ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f300f47dbcf9c3d4b2ea76c8554c8f360400725"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d491c84df5c469dd9621863b6a770b3428137063"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c34486f04700f1ba04907231dce0cc2705c2d7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/tty_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0380f643f3a7a61b0845cdc738959c2ad5735d61",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "4c1623651a0936ee197859824cdae6ebbd04d3ed",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "4f300f47dbcf9c3d4b2ea76c8554c8f360400725",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "d491c84df5c469dd9621863b6a770b3428137063",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "5c34486f04700f1ba04907231dce0cc2705c2d7d",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
},
{
"lessThan": "3968ddcf05fb4b9409cd1859feb06a5b0550a1c1",
"status": "affected",
"version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/tty_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.293",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.256",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.218",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.293",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.291",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.256",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.218",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.162",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.82",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.5",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: tty_buffer: Fix the softlockup issue in flush_to_ldisc\n\nWhen running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,\nwhich look like this one:\n\n Workqueue: events_unbound flush_to_ldisc\n Call trace:\n dump_backtrace+0x0/0x1ec\n show_stack+0x24/0x30\n dump_stack+0xd0/0x128\n panic+0x15c/0x374\n watchdog_timer_fn+0x2b8/0x304\n __run_hrtimer+0x88/0x2c0\n __hrtimer_run_queues+0xa4/0x120\n hrtimer_interrupt+0xfc/0x270\n arch_timer_handler_phys+0x40/0x50\n handle_percpu_devid_irq+0x94/0x220\n __handle_domain_irq+0x88/0xf0\n gic_handle_irq+0x84/0xfc\n el1_irq+0xc8/0x180\n slip_unesc+0x80/0x214 [slip]\n tty_ldisc_receive_buf+0x64/0x80\n tty_port_default_receive_buf+0x50/0x90\n flush_to_ldisc+0xbc/0x110\n process_one_work+0x1d4/0x4b0\n worker_thread+0x180/0x430\n kthread+0x11c/0x120\n\nIn the testcase pty04, The first process call the write syscall to send\ndata to the pty master. At the same time, the workqueue will do the\nflush_to_ldisc to pop data in a loop until there is no more data left.\nWhen the sender and workqueue running in different core, the sender sends\ndata fastly in full time which will result in workqueue doing work in loop\nfor a long time and occuring softlockup in flush_to_ldisc with kernel\nconfigured without preempt. So I add need_resched check and cond_resched\nin the flush_to_ldisc loop to avoid it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:49:37.452Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0380f643f3a7a61b0845cdc738959c2ad5735d61"
},
{
"url": "https://git.kernel.org/stable/c/b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc"
},
{
"url": "https://git.kernel.org/stable/c/4c1623651a0936ee197859824cdae6ebbd04d3ed"
},
{
"url": "https://git.kernel.org/stable/c/4f300f47dbcf9c3d4b2ea76c8554c8f360400725"
},
{
"url": "https://git.kernel.org/stable/c/d491c84df5c469dd9621863b6a770b3428137063"
},
{
"url": "https://git.kernel.org/stable/c/77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41"
},
{
"url": "https://git.kernel.org/stable/c/5c34486f04700f1ba04907231dce0cc2705c2d7d"
},
{
"url": "https://git.kernel.org/stable/c/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1"
}
],
"title": "tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47185",
"datePublished": "2024-04-10T18:56:25.671Z",
"dateReserved": "2024-03-25T09:12:14.113Z",
"dateUpdated": "2026-05-11T13:49:37.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48627 (GCVE-0-2022-48627)
Vulnerability from cvelistv5 – Published: 2024-03-02 21:31 – Updated: 2026-05-11 18:43
VLAI
EPSS
Title
vt: fix memory overlapping when deleting chars in the buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
vt: fix memory overlapping when deleting chars in the buffer
A memory overlapping copy occurs when deleting a long line. This memory
overlapping copy can cause data corruption when scr_memcpyw is optimized
to memcpy because memcpy does not ensure its behavior if the destination
buffer overlaps with the source buffer. The line buffer is not always
broken, because the memcpy utilizes the hardware acceleration, whose
result is not deterministic.
Fix this problem by using replacing the scr_memcpyw with scr_memmovew.
Severity
5.5 (Medium)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
81732c3b2fede049a692e58a7ceabb6d18ffb18c , < c8686c014b5e872ba7e334f33ca553f14446fc29
(git)
Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 815be99d934e3292906536275f2b8d5131cdf52c (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < bfee93c9a6c395f9aa62268f1cedf64999844926 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 57964a5710252bc82fe22d9fa98c180c58c20244 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 14d2cc21ca622310babf373e3a8f0b40acfe8265 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 39cdb68c64d84e71a4a717000b6e5de208ee60cc (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.312 , ≤ 4.19.* (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.132 , ≤ 5.10.* (semver) Unaffected: 5.15.56 , ≤ 5.15.* (semver) Unaffected: 5.18.13 , ≤ 5.18.* (semver) Unaffected: 5.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T14:23:17.504508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:04:55.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8686c014b5e872ba7e334f33ca553f14446fc29",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "815be99d934e3292906536275f2b8d5131cdf52c",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "bfee93c9a6c395f9aa62268f1cedf64999844926",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "57964a5710252bc82fe22d9fa98c180c58c20244",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "14d2cc21ca622310babf373e3a8f0b40acfe8265",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
},
{
"lessThan": "39cdb68c64d84e71a4a717000b6e5de208ee60cc",
"status": "affected",
"version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vt/vt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by using replacing the scr_memcpyw with scr_memmovew."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:43:59.424Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
},
{
"url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
},
{
"url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
},
{
"url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
},
{
"url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
},
{
"url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
}
],
"title": "vt: fix memory overlapping when deleting chars in the buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48627",
"datePublished": "2024-03-02T21:31:48.383Z",
"dateReserved": "2024-02-25T13:44:28.314Z",
"dateUpdated": "2026-05-11T18:43:59.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…