cve-2021-47502
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-11-04 12:07
Severity ?
Summary
ASoC: codecs: wcd934x: handle channel mappping list correctly
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T19:19:30.436874Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:49.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.770Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/codecs/wcd934x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1089dac26c6b",
              "status": "affected",
              "version": "a70d9245759a",
              "versionType": "git"
            },
            {
              "lessThan": "339ffb5b5600",
              "status": "affected",
              "version": "a70d9245759a",
              "versionType": "git"
            },
            {
              "lessThan": "23ba28616d30",
              "status": "affected",
              "version": "a70d9245759a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/codecs/wcd934x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: handle channel mappping list correctly\n\nCurrently each channel is added as list to dai channel list, however\nthere is danger of adding same channel to multiple dai channel list\nwhich endups corrupting the other list where its already added.\n\nThis patch ensures that the channel is actually free before adding to\nthe dai channel list and also ensures that the channel is on the list\nbefore deleting it.\n\nThis check was missing previously, and we did not hit this issue as\nwe were testing very simple usecases with sequence of amixer commands."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:07:10.120Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72"
        },
        {
          "url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101"
        }
      ],
      "title": "ASoC: codecs: wcd934x: handle channel mappping list correctly",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47502",
    "datePublished": "2024-05-24T15:01:49.699Z",
    "dateReserved": "2024-05-22T06:20:56.204Z",
    "dateUpdated": "2024-11-04T12:07:10.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47502\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-24T15:15:10.350\",\"lastModified\":\"2024-05-24T18:09:20.027\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: codecs: wcd934x: handle channel mappping list correctly\\n\\nCurrently each channel is added as list to dai channel list, however\\nthere is danger of adding same channel to multiple dai channel list\\nwhich endups corrupting the other list where its already added.\\n\\nThis patch ensures that the channel is actually free before adding to\\nthe dai channel list and also ensures that the channel is on the list\\nbefore deleting it.\\n\\nThis check was missing previously, and we did not hit this issue as\\nwe were testing very simple usecases with sequence of amixer commands.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: c\u00f3decs: wcd934x: maneja correctamente la lista de asignaci\u00f3n de canales Actualmente, cada canal se agrega como lista a la lista de canales dai, sin embargo, existe el peligro de agregar el mismo canal a varias listas de canales dai, lo que termina corrompiendo la otra lista donde ya est\u00e1 agregada. Este parche garantiza que el canal est\u00e9 realmente libre antes de agregarlo a la lista de canales dai y tambi\u00e9n garantiza que el canal est\u00e9 en la lista antes de eliminarlo. Esta verificaci\u00f3n faltaba anteriormente y no encontramos este problema ya que est\u00e1bamos probando casos de uso muy simples con una secuencia de comandos de amixer.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.