cvelistv5 - cve-2021-47500

cve-2021-47500

Vulnerability from cvelistv5

Published

2024-05-24 15:01

Modified

2024-09-11 17:32

Severity

Summary

iio: mma8452: Fix trigger reference couting

References

Source	URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47500",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:35:45.977945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:52.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/accel/mma8452.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "094d513b78b1",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "fb75cc4740d8",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "794c0898f6bf",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "f5deab10ced3",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "acf0088ac073",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "db12d9508536",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "c43517071dfc",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            },
            {
              "lessThan": "cd0082235783",
              "status": "affected",
              "version": "ae6d9ce05691",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/accel/mma8452.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.295",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.293",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.258",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.221",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.165",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.85",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.8",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: mma8452: Fix trigger reference couting\n\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\n\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\n\nFix this by getting a reference to the trigger before assigning it to the\nIIO device."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:09:02.384Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96"
        },
        {
          "url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8"
        },
        {
          "url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e"
        },
        {
          "url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892"
        }
      ],
      "title": "iio: mma8452: Fix trigger reference couting",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47500",
    "datePublished": "2024-05-24T15:01:43.362Z",
    "dateReserved": "2024-05-22T06:20:56.204Z",
    "dateUpdated": "2024-09-11T17:32:52.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47500\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-24T15:15:09.900\",\"lastModified\":\"2024-05-24T18:09:20.027\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\niio: mma8452: Fix trigger reference couting\\n\\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\\nthe reference count by 1.\\n\\nWithout the matching `iio_trigger_get()` in the driver the reference count\\ncan reach 0 too early, the trigger gets freed while still in use and a\\nuse-after-free occurs.\\n\\nFix this by getting a reference to the trigger before assigning it to the\\nIIO device.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: mma8452: correcci\u00f3n del c\u00e1lculo de referencia del disparador El controlador mma8452 asigna directamente un disparador a la estructura iio_dev. El n\u00facleo de IIO, cuando termine de usar este activador, llamar\u00e1 a `iio_trigger_put()` para reducir el recuento de referencias en 1. Sin el `iio_trigger_get()` coincidente en el controlador, el recuento de referencias puede llegar a 0 demasiado pronto, el activador se libera mientras a\u00fan est\u00e1 en se produce un uso y un use-after-free. Solucione este problema obteniendo una referencia al disparador antes de asignarlo al dispositivo IIO.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

wid-sec-w-2024-1235

Vulnerability from csaf_certbund

Published

2024-05-26 22:00

Modified

2024-07-23 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder unspezifische Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux