Vulnerability-Lookup

alsa-2024:3618

Vulnerability from osv_almalinux

Published

2024-06-05 00:00

Modified

2024-06-05 17:12

Summary

Moderate: kernel update

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340)
kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)
kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)
kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)
kernel: use after free in i2c (CVE-2019-25162)
kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)
kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777)
kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)
kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)
kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615)
kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)
kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)
kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565)
kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)
kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528)
kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)
kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)
kernel: pid: take a reference when initializing cad_pid (CVE-2021-47118)
kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153)
kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)
kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)
kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779)
kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744)
kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)
kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185)
kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)
kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872)
kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)
kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)
kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934)
kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933)
kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)
kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059)
kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)
kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)
kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669)
kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)
kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594)
kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595)

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:3618	ADVISORY
	https://access.redhat.com/security/cve/CVE-2019-25162	REPORT
	https://access.redhat.com/security/cve/CVE-2020-36777	REPORT
	https://access.redhat.com/security/cve/CVE-2021-46934	REPORT
	https://access.redhat.com/security/cve/CVE-2021-47013	REPORT
	https://access.redhat.com/security/cve/CVE-2021-47055	REPORT
	https://access.redhat.com/security/cve/CVE-2021-47118	REPORT
	https://access.redhat.com/security/cve/CVE-2021-47153	REPORT
	https://access.redhat.com/security/cve/CVE-2021-47171	REPORT
	https://access.redhat.com/security/cve/CVE-2021-47185	REPORT
	https://access.redhat.com/security/cve/CVE-2022-48627	REPORT
	https://access.redhat.com/security/cve/CVE-2022-48669	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52439	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52445	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52477	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52513	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52520	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52528	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52565	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52578	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52594	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52595	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52598	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52606	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52607	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52610	REPORT
	https://access.redhat.com/security/cve/CVE-2023-6240	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0340	REPORT
	https://access.redhat.com/security/cve/CVE-2024-23307	REPORT
	https://access.redhat.com/security/cve/CVE-2024-25744	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26593	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26603	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26615	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26642	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26643	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26659	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26664	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26693	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26694	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26744	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26779	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26872	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26892	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26897	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26901	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26919	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26933	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26934	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26964	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26973	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26993	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27014	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27048	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27052	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27059	REPORT
	https://bugzilla.redhat.com/2250843	REPORT
	https://bugzilla.redhat.com/2257406	REPORT
	https://bugzilla.redhat.com/2263875	REPORT
	https://bugzilla.redhat.com/2265271	REPORT
	https://bugzilla.redhat.com/2265646	REPORT
	https://bugzilla.redhat.com/2265654	REPORT
	https://bugzilla.redhat.com/2265833	REPORT
	https://bugzilla.redhat.com/2266296	REPORT
	https://bugzilla.redhat.com/2266446	REPORT
	https://bugzilla.redhat.com/2266746	REPORT
	https://bugzilla.redhat.com/2266841	REPORT
	https://bugzilla.redhat.com/2267038	REPORT
	https://bugzilla.redhat.com/2267185	REPORT
	https://bugzilla.redhat.com/2267355	REPORT
	https://bugzilla.redhat.com/2267509	REPORT
	https://bugzilla.redhat.com/2267705	REPORT
	https://bugzilla.redhat.com/2267724	REPORT
	https://bugzilla.redhat.com/2267758	REPORT
	https://bugzilla.redhat.com/2267789	REPORT
	https://bugzilla.redhat.com/2267797	REPORT
	https://bugzilla.redhat.com/2267804	REPORT
	https://bugzilla.redhat.com/2268291	REPORT
	https://bugzilla.redhat.com/2268293	REPORT
	https://bugzilla.redhat.com/2268309	REPORT
	https://bugzilla.redhat.com/2268315	REPORT
	https://bugzilla.redhat.com/2268317	REPORT
	https://bugzilla.redhat.com/2269213	REPORT
	https://bugzilla.redhat.com/2269856	REPORT
	https://bugzilla.redhat.com/2270080	REPORT
	https://bugzilla.redhat.com/2270879	REPORT
	https://bugzilla.redhat.com/2270881	REPORT
	https://bugzilla.redhat.com/2271469	REPORT
	https://bugzilla.redhat.com/2271476	REPORT
	https://bugzilla.redhat.com/2272780	REPORT
	https://bugzilla.redhat.com/2272791	REPORT
	https://bugzilla.redhat.com/2273092	REPORT
	https://bugzilla.redhat.com/2273094	REPORT
	https://bugzilla.redhat.com/2273223	REPORT
	https://bugzilla.redhat.com/2273260	REPORT
	https://bugzilla.redhat.com/2273262	REPORT
	https://bugzilla.redhat.com/2274624	REPORT
	https://bugzilla.redhat.com/2275645	REPORT
	https://bugzilla.redhat.com/2275655	REPORT
	https://bugzilla.redhat.com/2275666	REPORT
	https://bugzilla.redhat.com/2275707	REPORT
	https://bugzilla.redhat.com/2275777	REPORT
	https://bugzilla.redhat.com/2278169	REPORT
	https://bugzilla.redhat.com/2278237	REPORT
	https://bugzilla.redhat.com/2278240	REPORT
	https://bugzilla.redhat.com/2278268	REPORT
	https://bugzilla.redhat.com/2278314	REPORT
	https://bugzilla.redhat.com/2278356	REPORT
	https://bugzilla.redhat.com/2278398	REPORT
	https://bugzilla.redhat.com/2278409	REPORT
	https://bugzilla.redhat.com/2278417	REPORT
	https://bugzilla.redhat.com/2278431	REPORT
	https://bugzilla.redhat.com/2278537	REPORT
	https://errata.almalinux.org/8/ALSA-2024-3618.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bpftool"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-abi-stablelists"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-cross-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.5.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Marvin vulnerability side-channel leakage in the RSA decryption\noperation (CVE-2023-6240)\n* kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()\n(CVE-2024-0340)\n* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)\n* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)\n* kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)\n* kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer\nthat cause loop forever (CVE-2024-26603)\n* kernel: use after free in i2c (CVE-2019-25162)\n* kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)\n* kernel: media: dvbdev: Fix memory leak in dvb_media_device_free()\n(CVE-2020-36777)\n* kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors\n(CVE-2023-52477)\n* kernel: mtd: require write permissions for locking and badblock ioctls\n(CVE-2021-47055)\n* kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump\n(CVE-2024-26615)\n* kernel: vt: fix memory overlapping when deleting chars in the buffer\n(CVE-2022-48627)\n* kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)\n* kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu()\n(CVE-2023-52565)\n* kernel: net: bridge: data races indata-races in br_handle_frame_finish()\n(CVE-2023-52578)\n* kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg\n(CVE-2023-52528)\n* kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)\n* kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)\n* kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118)\n* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags\n(CVE-2023-52610)\n* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set\nwith timeout (CVE-2024-26643)\n* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag\n(CVE-2024-26642)\n* kernel: i2c: i801: Don\u0026#39;t generate an interrupt on bus reset\n(CVE-2021-47153)\n* kernel: xhci: handle isoc Babble and Buffer Overrun events properly\n(CVE-2024-26659)\n* kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)\n* kernel: wifi: mac80211: fix race condition on enabling fast-xmit\n(CVE-2024-26779)\n* kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter\n(CVE-2024-26744)\n* kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)\n* kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc\n(CVE-2021-47185)\n* kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n(CVE-2024-26901)\n* kernel: RDMA/srpt: Do not register event handler until srpt device is fully\nsetup (CVE-2024-26872)\n* kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)\n* kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)\n* kernel: USB: core: Fix deadlock in usb_deauthorize_interface()\n(CVE-2024-26934)\n* kernel: USB: core: Fix deadlock in port \u0026#34;disable\u0026#34; sysfs attribute\n(CVE-2024-26933)\n* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection()\n(CVE-2024-26993)\n* kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)\n* kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n(CVE-2024-27059)\n* kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)\n* kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)\n* kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669)\n* kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)\n* kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594)\n* kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595)",
  "id": "ALSA-2024:3618",
  "modified": "2024-06-05T17:12:40Z",
  "published": "2024-06-05T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:3618"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2019-25162"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2020-36777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-46934"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47013"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47055"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47118"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47153"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47171"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47185"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48627"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-48669"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52439"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52445"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52477"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52513"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52520"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52528"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52565"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52578"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52594"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52595"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52598"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52606"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6240"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0340"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-23307"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-25744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26593"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26603"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26615"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26642"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26643"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26659"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26664"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26693"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26694"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26872"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26892"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26897"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26901"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26919"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26933"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26934"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26964"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26973"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26993"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27014"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27052"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27059"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2250843"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257406"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2263875"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2265271"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2265646"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2265654"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2265833"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2266296"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2266446"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2266746"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2266841"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267038"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267185"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267355"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267509"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267705"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267724"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267758"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267789"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267797"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2267804"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268293"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268317"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2269213"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2269856"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270080"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270879"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270881"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2271469"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2271476"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2272780"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2272791"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2273092"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2273094"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2273223"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2273260"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2273262"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2274624"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275645"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275655"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275666"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275707"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275777"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278169"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278237"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278240"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278268"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278356"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278398"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278409"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278417"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278431"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278537"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-3618.html"
    }
  ],
  "related": [
    "CVE-2023-6240",
    "CVE-2024-0340",
    "CVE-2024-25744",
    "CVE-2024-26593",
    "CVE-2023-52445",
    "CVE-2024-26603",
    "CVE-2019-25162",
    "CVE-2021-46934",
    "CVE-2020-36777",
    "CVE-2023-52477",
    "CVE-2021-47055",
    "CVE-2024-26615",
    "CVE-2022-48627",
    "CVE-2024-23307",
    "CVE-2023-52565",
    "CVE-2023-52578",
    "CVE-2023-52528",
    "CVE-2023-52520",
    "CVE-2023-52513",
    "CVE-2021-47118",
    "CVE-2023-52610",
    "CVE-2024-26643",
    "CVE-2024-26642",
    "CVE-2021-47153",
    "CVE-2024-26659",
    "CVE-2024-26664",
    "CVE-2024-26779",
    "CVE-2024-26744",
    "CVE-2024-26743",
    "CVE-2021-47185",
    "CVE-2024-26901",
    "CVE-2024-26872",
    "CVE-2024-26919",
    "CVE-2024-26964",
    "CVE-2024-26934",
    "CVE-2024-26933",
    "CVE-2024-26993",
    "CVE-2024-26973",
    "CVE-2024-27059",
    "CVE-2021-47013",
    "CVE-2021-47171",
    "CVE-2022-48669",
    "CVE-2023-52439",
    "CVE-2023-52594",
    "CVE-2023-52595"
  ],
  "summary": "Moderate: kernel update"
}

CVE-2019-25162 (GCVE-0-2019-25162)

Vulnerability from cvelistv5 – Published: 2024-02-26 17:20 – Updated: 2026-05-11 13:41

Title

i2c: Fix a potential use after free

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag]

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/e6412ba3b6508bdf9…
https://git.kernel.org/stable/c/23a191b132cd87f74…
https://git.kernel.org/stable/c/871a1e94929a27bf6…
https://git.kernel.org/stable/c/81cb31756888bb062…
https://git.kernel.org/stable/c/35927d7509ab9bf41…
https://git.kernel.org/stable/c/e8e1a046cf87c8b13…
https://git.kernel.org/stable/c/12b0606000d082863…
https://git.kernel.org/stable/c/e4c72c06c367758a1…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e6412ba3b6508bdf9c074d310bf4144afa6aec1a (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 23a191b132cd87f746c62f3dc27da33683d85829 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 871a1e94929a27bf6e2cd99523865c840bbc2d87 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 81cb31756888bb062e92d2dca21cd629d77a46a9 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 35927d7509ab9bf41896b7e44f639504eae08af7 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e8e1a046cf87c8b1363e5de835114f2779e2aaf4 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 12b0606000d0828630c033bf0c74c748464fe87d (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e4c72c06c367758a14f227c847f9d623f1994ecf (git)
Linux	Linux	Affected: 4.3 Unaffected: 0 , < 4.3 (semver) Unaffected: 4.14.291 , ≤ 4.14.* (semver) Unaffected: 4.19.256 , ≤ 4.19.* (semver) Unaffected: 5.4.211 , ≤ 5.4.* (semver) Unaffected: 5.10.137 , ≤ 5.10.* (semver) Unaffected: 5.15.61 , ≤ 5.15.* (semver) Unaffected: 5.18.18 , ≤ 5.18.* (semver) Unaffected: 5.19.2 , ≤ 5.19.* (semver) Unaffected: 6.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T18:51:49.719341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T18:51:57.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6412ba3b6508bdf9c074d310bf4144afa6aec1a",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "23a191b132cd87f746c62f3dc27da33683d85829",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "871a1e94929a27bf6e2cd99523865c840bbc2d87",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "81cb31756888bb062e92d2dca21cd629d77a46a9",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "35927d7509ab9bf41896b7e44f639504eae08af7",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "e8e1a046cf87c8b1363e5de835114f2779e2aaf4",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "12b0606000d0828630c033bf0c74c748464fe87d",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "e4c72c06c367758a14f227c847f9d623f1994ecf",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.291",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.256",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.211",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.137",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.61",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.18",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.2",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:41:57.983Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
        },
        {
          "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
        },
        {
          "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
        },
        {
          "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
        }
      ],
      "title": "i2c: Fix a potential use after free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2019-25162",
    "datePublished": "2024-02-26T17:20:20.846Z",
    "dateReserved": "2024-02-26T17:07:20.465Z",
    "dateUpdated": "2026-05-11T13:41:57.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-36777 (GCVE-0-2020-36777)

Vulnerability from cvelistv5 – Published: 2024-02-27 18:40 – Updated: 2026-05-11 13:42

Title

media: dvbdev: Fix memory leak in dvb_media_device_free()

Summary

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The media_entity instance itself must be freed explicitly by the driver if required."

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/06854b943e0571ccb…
https://git.kernel.org/stable/c/32168ca1f12331684…
https://git.kernel.org/stable/c/cd89f79be5d553c78…
https://git.kernel.org/stable/c/9185b3b1c143b8da4…
https://git.kernel.org/stable/c/43263fd43083e4123…
https://git.kernel.org/stable/c/9ad15e214fcd73694…
https://git.kernel.org/stable/c/cede24d13be6c2a62…
https://git.kernel.org/stable/c/bf9a40ae8d722f281…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 06854b943e0571ccbd7ad0a529babed1a98ff275 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 32168ca1f123316848fffb85d059860adf3c409f (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < cd89f79be5d553c78202f686e8e4caa5fbe94e98 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 9185b3b1c143b8da409c19ac5a785aa18d67a81b (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 43263fd43083e412311fa764cd04a727b0c6a749 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 9ad15e214fcd73694ea51967d86055f47b802066 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < cede24d13be6c2a62be6d7ceea63c2719b0cfa82 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < bf9a40ae8d722f281a2721779595d6df1c33a0bf (git)
Linux	Linux	Affected: 4.5 Unaffected: 0 , < 4.5 (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.118 , ≤ 5.4.* (semver) Unaffected: 5.10.36 , ≤ 5.10.* (semver) Unaffected: 5.11.20 , ≤ 5.11.* (semver) Unaffected: 5.12.3 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-11T16:40:26.925342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:13.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "06854b943e0571ccbd7ad0a529babed1a98ff275",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "32168ca1f123316848fffb85d059860adf3c409f",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "cd89f79be5d553c78202f686e8e4caa5fbe94e98",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "9185b3b1c143b8da409c19ac5a785aa18d67a81b",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "43263fd43083e412311fa764cd04a727b0c6a749",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "9ad15e214fcd73694ea51967d86055f47b802066",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "cede24d13be6c2a62be6d7ceea63c2719b0cfa82",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "bf9a40ae8d722f281a2721779595d6df1c33a0bf",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.191",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.269",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.233",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.191",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.118",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.36",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.20",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.3",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: Fix memory leak in dvb_media_device_free()\n\ndvb_media_device_free() is leaking memory. Free `dvbdev-\u003eadapter-\u003econn`\nbefore setting it to NULL, as documented in include/media/media-device.h:\n\"The media_entity instance itself must be freed explicitly by the driver\nif required.\""
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:42:41.832Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275"
        },
        {
          "url": "https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98"
        },
        {
          "url": "https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b"
        },
        {
          "url": "https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066"
        },
        {
          "url": "https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf"
        }
      ],
      "title": "media: dvbdev: Fix memory leak in dvb_media_device_free()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2020-36777",
    "datePublished": "2024-02-27T18:40:26.245Z",
    "dateReserved": "2024-02-26T17:07:27.434Z",
    "dateUpdated": "2026-05-11T13:42:41.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46934 (GCVE-0-2021-46934)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2026-05-11 13:44

Title

i2c: validate user data in compat ioctl

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to prevent reported warnings

Severity ?

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/407c8708fb1bf2d4a…
https://git.kernel.org/stable/c/9e4a3f47eff476097…
https://git.kernel.org/stable/c/8d31cbab4c295d701…
https://git.kernel.org/stable/c/f68599581067e8a5a…
https://git.kernel.org/stable/c/bb436283e25aaf153…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 407c8708fb1bf2d4afc5337ef50635cf540c364b (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 9e4a3f47eff476097e0c7faac04d1831fc70237d (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 8d31cbab4c295d7010ebb729e9d02d0e9cece18f (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < f68599581067e8a5a8901ba9eb270b4519690e26 (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < bb436283e25aaf1533ce061605d23a9564447bdf (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T16:18:35.081460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:06.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "407c8708fb1bf2d4afc5337ef50635cf540c364b",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "9e4a3f47eff476097e0c7faac04d1831fc70237d",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "8d31cbab4c295d7010ebb729e9d02d0e9cece18f",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "f68599581067e8a5a8901ba9eb270b4519690e26",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "bb436283e25aaf1533ce061605d23a9564447bdf",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:43.916Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"
        }
      ],
      "title": "i2c: validate user data in compat ioctl",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46934",
    "datePublished": "2024-02-27T09:44:01.411Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:43.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47013 (GCVE-0-2021-47013)

Vulnerability from cvelistv5 – Published: 2024-02-28 08:13 – Updated: 2026-05-11 13:46

Title

net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send

Summary

In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later.

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/c7f75d11fe72913d2…
https://git.kernel.org/stable/c/dc1b438a35773d030…
https://git.kernel.org/stable/c/16d8c44be52e36509…
https://git.kernel.org/stable/c/55fcdd1258faaecca…
https://git.kernel.org/stable/c/9dc373f74097edd0e…
https://git.kernel.org/stable/c/8c06f34785068b87e…
https://git.kernel.org/stable/c/e407495ba6788a67d…
https://git.kernel.org/stable/c/6d72e7c767acbbdd4…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < c7f75d11fe72913d2619f97b2334b083cd7bb955 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < dc1b438a35773d030be0ee80d9c635c3e558a322 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 16d8c44be52e3650917736d45f5904384a9da834 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 55fcdd1258faaecca74b91b88cc0921f9edd775d (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 9dc373f74097edd0e35f3393d6248eda8d1ba99d (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 8c06f34785068b87e2b560534c77c163d6c6dca7 (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < e407495ba6788a67d1bd41714158c079e340879b (git) Affected: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf , < 6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (git)
Linux	Linux	Affected: 4.9 Unaffected: 0 , < 4.9 (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.119 , ≤ 5.4.* (semver) Unaffected: 5.10.37 , ≤ 5.10.* (semver) Unaffected: 5.11.21 , ≤ 5.11.* (semver) Unaffected: 5.12.4 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-28T19:56:27.719807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:13:43.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/qualcomm/emac/emac-mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c7f75d11fe72913d2619f97b2334b083cd7bb955",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "dc1b438a35773d030be0ee80d9c635c3e558a322",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "16d8c44be52e3650917736d45f5904384a9da834",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "55fcdd1258faaecca74b91b88cc0921f9edd775d",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "9dc373f74097edd0e35f3393d6248eda8d1ba99d",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "8c06f34785068b87e2b560534c77c163d6c6dca7",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "e407495ba6788a67d1bd41714158c079e340879b",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            },
            {
              "lessThan": "6d72e7c767acbbdd44ebc7d89c6690b405b32b57",
              "status": "affected",
              "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/qualcomm/emac/emac-mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.191",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.269",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.233",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.191",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.119",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.37",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.21",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.4",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb-\u003elen by netdev_sent_queue(,skb-\u003elen).\n\nAs i observed that emac_tx_fill_tpd() haven\u0027t modified the value of skb-\u003elen,\nthus my patch assigns skb-\u003elen to \u0027len\u0027 before the possible free and\nuse \u0027len\u0027 instead of skb-\u003elen later."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:46:16.357Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"
        },
        {
          "url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"
        },
        {
          "url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"
        }
      ],
      "title": "net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47013",
    "datePublished": "2024-02-28T08:13:30.905Z",
    "dateReserved": "2024-02-27T18:42:55.953Z",
    "dateUpdated": "2026-05-11T13:46:16.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47055 (GCVE-0-2021-47055)

Vulnerability from cvelistv5 – Published: 2024-02-29 22:37 – Updated: 2026-05-23 15:19

Title

mtd: require write permissions for locking and badblock ioctls

Summary

In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table.

Severity ?

No CVSS data available.

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae…
https://git.kernel.org/stable/c/9625b00cac6630479…
https://git.kernel.org/stable/c/f73b29819c6314c0b…
https://git.kernel.org/stable/c/75ed985bd6c8ac1d4…
https://git.kernel.org/stable/c/5880afefe0cb9b2d5…
https://git.kernel.org/stable/c/7b6552719c0ccbbea…
https://git.kernel.org/stable/c/077259f5e777c3c88…
https://git.kernel.org/stable/c/a08799d3e8c808864…
https://git.kernel.org/stable/c/1e97743fd180981be…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1c9f9125892a43901438bf704ada6b7019e2a884 , < f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf (git) Affected: 583d42400532fbd6228b0254d7c732b771e4750d , < 9625b00cac6630479c0ff4b9fafa88bee636e1f0 (git) Affected: 389c74c218d3b182e9cd767e98cee0e0fd0dabaa , < f73b29819c6314c0ba8b7d5892dfb03487424bee (git) Affected: ab1a602a9cea98aa37b2e6851b168d2a2633a58d , < 75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37 (git) Affected: 9a53e8bd59d9f070505e51d3fd19606a270e6b93 , < 5880afefe0cb9b2d5e801816acd58bfe91a96981 (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < 7b6552719c0ccbbea29dde4be141da54fdb5877e (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < 077259f5e777c3c8821f6b41dee709fcda27306b (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < a08799d3e8c8088640956237c183f83463c39668 (git) Affected: f7e6b19bc76471ba03725fe58e0c218a3d6266c3 , < 1e97743fd180981bef5f01402342bb54bf1c6366 (git) Affected: 36a8b2f49235e63ab3f901fe12e1b6732f075c2e (git) Affected: eb3d82abc335624a5e8ecfb75aba0b684e2dc4db (git) Affected: 4.4.233 , < 4.4.269 (semver) Affected: 4.9.233 , < 4.9.269 (semver) Affected: 4.14.194 , < 4.14.233 (semver) Affected: 4.19.139 , < 4.19.191 (semver) Affected: 5.4.58 , < 5.4.119 (semver) Affected: 5.7.15 , < 5.8 (semver) Affected: 5.8.1 , < 5.9 (semver)
Linux	Linux	Affected: 5.9 Unaffected: 0 , < 5.9 (semver) Unaffected: 4.4.269 , ≤ 4.4.* (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.119 , ≤ 5.4.* (semver) Unaffected: 5.10.37 , ≤ 5.10.* (semver) Unaffected: 5.11.21 , ≤ 5.11.* (semver) Unaffected: 5.12.4 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-01T15:53:21.546664Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:13:55.596Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/mtdchar.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf",
              "status": "affected",
              "version": "1c9f9125892a43901438bf704ada6b7019e2a884",
              "versionType": "git"
            },
            {
              "lessThan": "9625b00cac6630479c0ff4b9fafa88bee636e1f0",
              "status": "affected",
              "version": "583d42400532fbd6228b0254d7c732b771e4750d",
              "versionType": "git"
            },
            {
              "lessThan": "f73b29819c6314c0ba8b7d5892dfb03487424bee",
              "status": "affected",
              "version": "389c74c218d3b182e9cd767e98cee0e0fd0dabaa",
              "versionType": "git"
            },
            {
              "lessThan": "75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37",
              "status": "affected",
              "version": "ab1a602a9cea98aa37b2e6851b168d2a2633a58d",
              "versionType": "git"
            },
            {
              "lessThan": "5880afefe0cb9b2d5e801816acd58bfe91a96981",
              "status": "affected",
              "version": "9a53e8bd59d9f070505e51d3fd19606a270e6b93",
              "versionType": "git"
            },
            {
              "lessThan": "7b6552719c0ccbbea29dde4be141da54fdb5877e",
              "status": "affected",
              "version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
              "versionType": "git"
            },
            {
              "lessThan": "077259f5e777c3c8821f6b41dee709fcda27306b",
              "status": "affected",
              "version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
              "versionType": "git"
            },
            {
              "lessThan": "a08799d3e8c8088640956237c183f83463c39668",
              "status": "affected",
              "version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
              "versionType": "git"
            },
            {
              "lessThan": "1e97743fd180981bef5f01402342bb54bf1c6366",
              "status": "affected",
              "version": "f7e6b19bc76471ba03725fe58e0c218a3d6266c3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "36a8b2f49235e63ab3f901fe12e1b6732f075c2e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "eb3d82abc335624a5e8ecfb75aba0b684e2dc4db",
              "versionType": "git"
            },
            {
              "lessThan": "4.4.269",
              "status": "affected",
              "version": "4.4.233",
              "versionType": "semver"
            },
            {
              "lessThan": "4.9.269",
              "status": "affected",
              "version": "4.9.233",
              "versionType": "semver"
            },
            {
              "lessThan": "4.14.233",
              "status": "affected",
              "version": "4.14.194",
              "versionType": "semver"
            },
            {
              "lessThan": "4.19.191",
              "status": "affected",
              "version": "4.19.139",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.119",
              "status": "affected",
              "version": "5.4.58",
              "versionType": "semver"
            },
            {
              "lessThan": "5.8",
              "status": "affected",
              "version": "5.7.15",
              "versionType": "semver"
            },
            {
              "lessThan": "5.9",
              "status": "affected",
              "version": "5.8.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/mtdchar.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.191",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.269",
                  "versionStartIncluding": "4.4.233",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.269",
                  "versionStartIncluding": "4.9.233",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.233",
                  "versionStartIncluding": "4.14.194",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.191",
                  "versionStartIncluding": "4.19.139",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.119",
                  "versionStartIncluding": "5.4.58",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.37",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.21",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.4",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.7.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: require write permissions for locking and badblock ioctls\n\nMEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require\nwrite permission. Depending on the hardware MEMLOCK might even be\nwrite-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK\nis always write-once.\n\nMEMSETBADBLOCK modifies the bad block table."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:19:10.230Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee"
        },
        {
          "url": "https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37"
        },
        {
          "url": "https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e"
        },
        {
          "url": "https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366"
        }
      ],
      "title": "mtd: require write permissions for locking and badblock ioctls",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47055",
    "datePublished": "2024-02-29T22:37:30.071Z",
    "dateReserved": "2024-02-29T22:33:44.293Z",
    "dateUpdated": "2026-05-23T15:19:10.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47118 (GCVE-0-2021-47118)

Vulnerability from cvelistv5 – Published: 2024-03-15 20:14 – Updated: 2026-05-11 13:48

Title

pid: take a reference when initializing `cad_pid`

Summary

In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens proc_do_cad_pid() will increment the refcount on the new pid via get_pid(), and will decrement the refcount on the old pid via put_pid(). As we never called get_pid() when we initialized `cad_pid`, we decrement a reference we never incremented, can therefore free the init task's struct pid early. As there can be dangling references to the struct pid, we can later encounter a use-after-free (e.g. when delivering signals). This was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to have been around since the conversion of `cad_pid` to struct pid in commit 9ec52099e4b8 ("[PATCH] replace cad_pid by a struct pid") from the pre-KASAN stone age of v2.6.19. Fix this by getting a reference to the init task's struct pid when we assign it to `cad_pid`. Full KASAN splat below. ================================================================== BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline] BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273 CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1 Hardware name: linux,dummy-virt (DT) Call trace: ns_of_pid include/linux/pid.h:153 [inline] task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 do_notify_parent+0x308/0xe60 kernel/signal.c:1950 exit_notify kernel/exit.c:682 [inline] do_exit+0x2334/0x2bd0 kernel/exit.c:845 do_group_exit+0x108/0x2c8 kernel/exit.c:922 get_signal+0x4e4/0x2a88 kernel/signal.c:2781 do_signal arch/arm64/kernel/signal.c:882 [inline] do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936 work_pending+0xc/0x2dc Allocated by task 0: slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516 slab_alloc_node mm/slub.c:2907 [inline] slab_alloc mm/slub.c:2915 [inline] kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920 alloc_pid+0xdc/0xc00 kernel/pid.c:180 copy_process+0x2794/0x5e18 kernel/fork.c:2129 kernel_clone+0x194/0x13c8 kernel/fork.c:2500 kernel_thread+0xd4/0x110 kernel/fork.c:2552 rest_init+0x44/0x4a0 init/main.c:687 arch_call_rest_init+0x1c/0x28 start_kernel+0x520/0x554 init/main.c:1064 0x0 Freed by task 270: slab_free_hook mm/slub.c:1562 [inline] slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600 slab_free mm/slub.c:3161 [inline] kmem_cache_free+0x224/0x8e0 mm/slub.c:3177 put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114 put_pid+0x30/0x48 kernel/pid.c:109 proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401 proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591 proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617 call_write_iter include/linux/fs.h:1977 [inline] new_sync_write+0x3ac/0x510 fs/read_write.c:518 vfs_write fs/read_write.c:605 [inline] vfs_write+0x9c4/0x1018 fs/read_write.c:585 ksys_write+0x124/0x240 fs/read_write.c:658 __do_sys_write fs/read_write.c:670 [inline] __se_sys_write fs/read_write.c:667 [inline] __arm64_sys_write+0x78/0xb0 fs/read_write.c:667 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168 el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432 el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701 The buggy address belongs to the object at ffff23794dda0000 which belongs to the cache pid of size 224 The buggy address is located 4 bytes inside of 224-byte region [ff ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/764c2e892d1fe8953…
https://git.kernel.org/stable/c/f86c80515a8a3703e…
https://git.kernel.org/stable/c/4dbd8808a591b49b7…
https://git.kernel.org/stable/c/d106f05432e60f9f6…
https://git.kernel.org/stable/c/2cd6eedfa6344f5ef…
https://git.kernel.org/stable/c/7178be006d495ffb7…
https://git.kernel.org/stable/c/b8ff869f20152fbe6…
https://git.kernel.org/stable/c/0711f0d7050b9e07c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 764c2e892d1fe895392aff62fb353fdce43bb529 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < f86c80515a8a3703e0ca2e56deb50fc2879c5ea4 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 4dbd8808a591b49b717862e6e0081bcf14a87788 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < d106f05432e60f9f62d456ef017687f5c73cb414 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 7178be006d495ffb741c329012da289b62dddfe6 (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < b8ff869f20152fbe66b6c2e2715d26a2f9897cca (git) Affected: 9ec52099e4b8678a60e9f93e41ad87885d64f3e6 , < 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f (git)
Linux	Linux	Affected: 2.6.19 Unaffected: 0 , < 2.6.19 (semver) Unaffected: 4.4.272 , ≤ 4.4.* (semver) Unaffected: 4.9.272 , ≤ 4.9.* (semver) Unaffected: 4.14.236 , ≤ 4.14.* (semver) Unaffected: 4.19.194 , ≤ 4.19.* (semver) Unaffected: 5.4.125 , ≤ 5.4.* (semver) Unaffected: 5.10.43 , ≤ 5.10.* (semver) Unaffected: 5.12.10 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:55:32.497500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:25.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "init/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "764c2e892d1fe895392aff62fb353fdce43bb529",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "f86c80515a8a3703e0ca2e56deb50fc2879c5ea4",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "4dbd8808a591b49b717862e6e0081bcf14a87788",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "d106f05432e60f9f62d456ef017687f5c73cb414",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "7178be006d495ffb741c329012da289b62dddfe6",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "b8ff869f20152fbe66b6c2e2715d26a2f9897cca",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            },
            {
              "lessThan": "0711f0d7050b9e07c44bc159bbc64ac0a1022c7f",
              "status": "affected",
              "version": "9ec52099e4b8678a60e9f93e41ad87885d64f3e6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "init/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.19"
            },
            {
              "lessThan": "2.6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.272",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.272",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.236",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.194",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.272",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.272",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.236",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.194",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.125",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.43",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.10",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: take a reference when initializing `cad_pid`\n\nDuring boot, kernel_init_freeable() initializes `cad_pid` to the init\ntask\u0027s struct pid.  Later on, we may change `cad_pid` via a sysctl, and\nwhen this happens proc_do_cad_pid() will increment the refcount on the\nnew pid via get_pid(), and will decrement the refcount on the old pid\nvia put_pid().  As we never called get_pid() when we initialized\n`cad_pid`, we decrement a reference we never incremented, can therefore\nfree the init task\u0027s struct pid early.  As there can be dangling\nreferences to the struct pid, we can later encounter a use-after-free\n(e.g.  when delivering signals).\n\nThis was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to\nhave been around since the conversion of `cad_pid` to struct pid in\ncommit 9ec52099e4b8 (\"[PATCH] replace cad_pid by a struct pid\") from the\npre-KASAN stone age of v2.6.19.\n\nFix this by getting a reference to the init task\u0027s struct pid when we\nassign it to `cad_pid`.\n\nFull KASAN splat below.\n\n   ==================================================================\n   BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline]\n   BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n   Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273\n\n   CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1\n   Hardware name: linux,dummy-virt (DT)\n   Call trace:\n    ns_of_pid include/linux/pid.h:153 [inline]\n    task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509\n    do_notify_parent+0x308/0xe60 kernel/signal.c:1950\n    exit_notify kernel/exit.c:682 [inline]\n    do_exit+0x2334/0x2bd0 kernel/exit.c:845\n    do_group_exit+0x108/0x2c8 kernel/exit.c:922\n    get_signal+0x4e4/0x2a88 kernel/signal.c:2781\n    do_signal arch/arm64/kernel/signal.c:882 [inline]\n    do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936\n    work_pending+0xc/0x2dc\n\n   Allocated by task 0:\n    slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516\n    slab_alloc_node mm/slub.c:2907 [inline]\n    slab_alloc mm/slub.c:2915 [inline]\n    kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920\n    alloc_pid+0xdc/0xc00 kernel/pid.c:180\n    copy_process+0x2794/0x5e18 kernel/fork.c:2129\n    kernel_clone+0x194/0x13c8 kernel/fork.c:2500\n    kernel_thread+0xd4/0x110 kernel/fork.c:2552\n    rest_init+0x44/0x4a0 init/main.c:687\n    arch_call_rest_init+0x1c/0x28\n    start_kernel+0x520/0x554 init/main.c:1064\n    0x0\n\n   Freed by task 270:\n    slab_free_hook mm/slub.c:1562 [inline]\n    slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600\n    slab_free mm/slub.c:3161 [inline]\n    kmem_cache_free+0x224/0x8e0 mm/slub.c:3177\n    put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114\n    put_pid+0x30/0x48 kernel/pid.c:109\n    proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401\n    proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591\n    proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617\n    call_write_iter include/linux/fs.h:1977 [inline]\n    new_sync_write+0x3ac/0x510 fs/read_write.c:518\n    vfs_write fs/read_write.c:605 [inline]\n    vfs_write+0x9c4/0x1018 fs/read_write.c:585\n    ksys_write+0x124/0x240 fs/read_write.c:658\n    __do_sys_write fs/read_write.c:670 [inline]\n    __se_sys_write fs/read_write.c:667 [inline]\n    __arm64_sys_write+0x78/0xb0 fs/read_write.c:667\n    __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n    invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]\n    el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129\n    do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168\n    el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416\n    el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432\n    el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701\n\n   The buggy address belongs to the object at ffff23794dda0000\n    which belongs to the cache pid of size 224\n   The buggy address is located 4 bytes inside of\n    224-byte region [ff\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:48:23.853Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529"
        },
        {
          "url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788"
        },
        {
          "url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff"
        },
        {
          "url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca"
        },
        {
          "url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f"
        }
      ],
      "title": "pid: take a reference when initializing `cad_pid`",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47118",
    "datePublished": "2024-03-15T20:14:25.116Z",
    "dateReserved": "2024-03-04T18:12:48.838Z",
    "dateUpdated": "2026-05-11T13:48:23.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47153 (GCVE-0-2021-47153)

Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2026-05-11 13:49

Title

i2c: i801: Don't generate an interrupt on bus reset

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction.

Severity ?

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/f9469082126cebb73…
https://git.kernel.org/stable/c/09c9e79f4c10cfb6b…
https://git.kernel.org/stable/c/dfa8929e117b0228a…
https://git.kernel.org/stable/c/c70e1ba2e7e65255a…
https://git.kernel.org/stable/c/04cc05e3716ae31b1…
https://git.kernel.org/stable/c/b523feb7e8e44652f…
https://git.kernel.org/stable/c/1f583d3813f204449…
https://git.kernel.org/stable/c/e4d8716c3dcec47f1…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 636752bcb5177a301d0266270661581de8624828 , < f9469082126cebb7337db3992d143f5e4edfe629 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < dfa8929e117b0228a7765f5c3f5988a4a028f3c6 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < c70e1ba2e7e65255a0ce004f531dd90dada97a8c (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 04cc05e3716ae31b17ecdab7bc55c8170def1b8b (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < b523feb7e8e44652f92f3babb953a976e7ccbbef (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 1f583d3813f204449037cd2acbfc09168171362a (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < e4d8716c3dcec47f1557024add24e1f3c09eb24b (git)
Linux	Linux	Affected: 3.6 Unaffected: 0 , < 3.6 (semver) Unaffected: 4.4.271 , ≤ 4.4.* (semver) Unaffected: 4.9.271 , ≤ 4.9.* (semver) Unaffected: 4.14.235 , ≤ 4.14.* (semver) Unaffected: 4.19.193 , ≤ 4.19.* (semver) Unaffected: 5.4.124 , ≤ 5.4.* (semver) Unaffected: 5.10.42 , ≤ 5.10.* (semver) Unaffected: 5.12.9 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47153",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-25T19:20:15.941507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T16:55:32.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-i801.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f9469082126cebb7337db3992d143f5e4edfe629",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "dfa8929e117b0228a7765f5c3f5988a4a028f3c6",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "c70e1ba2e7e65255a0ce004f531dd90dada97a8c",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "04cc05e3716ae31b17ecdab7bc55c8170def1b8b",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "b523feb7e8e44652f92f3babb953a976e7ccbbef",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "1f583d3813f204449037cd2acbfc09168171362a",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            },
            {
              "lessThan": "e4d8716c3dcec47f1557024add24e1f3c09eb24b",
              "status": "affected",
              "version": "636752bcb5177a301d0266270661581de8624828",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-i801.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.193",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.271",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.271",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.235",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.193",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.124",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.42",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.9",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Don\u0027t generate an interrupt on bus reset\n\nNow that the i2c-i801 driver supports interrupts, setting the KILL bit\nin a attempt to recover from a timed out transaction triggers an\ninterrupt. Unfortunately, the interrupt handler (i801_isr) is not\nprepared for this situation and will try to process the interrupt as\nif it was signaling the end of a successful transaction. In the case\nof a block transaction, this can result in an out-of-range memory\naccess.\n\nThis condition was reproduced several times by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e\nhttps://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e\nhttps://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e\nhttps://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb\nhttps://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a\nhttps://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79\n\nSo disable interrupts while trying to reset the bus. Interrupts will\nbe enabled again for the following transaction."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:49:04.607Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629"
        },
        {
          "url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b"
        }
      ],
      "title": "i2c: i801: Don\u0027t generate an interrupt on bus reset",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47153",
    "datePublished": "2024-03-25T09:07:47.873Z",
    "dateReserved": "2024-03-04T18:12:48.846Z",
    "dateUpdated": "2026-05-11T13:49:04.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47171 (GCVE-0-2021-47171)

Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2026-05-11 13:49

Title

net: usb: fix memory leak in smsc75xx_bind

Summary

In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/200dbfcad8011e50c…
https://git.kernel.org/stable/c/22c840596af0c0906…
https://git.kernel.org/stable/c/9e6b8c1ff9d997e1f…
https://git.kernel.org/stable/c/9e6a3eccb28779710…
https://git.kernel.org/stable/c/b95fb96e6339e3469…
https://git.kernel.org/stable/c/635ac38b36255d3cf…
https://git.kernel.org/stable/c/70c886ac93f87ae72…
https://git.kernel.org/stable/c/46a8b29c6306d8bbf…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 200dbfcad8011e50c3cec269ed7b980836eeb1fa (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 22c840596af0c09068b6cf948616e6496e59e07f (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 9e6a3eccb28779710cbbafc4f4258d92509c6d07 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < b95fb96e6339e34694dd578fb6bde3575b01af17 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 635ac38b36255d3cfb8312cf7c471334f4d537e0 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 70c886ac93f87ae7214a0c69151a28a8075dd95b (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 46a8b29c6306d8bbfd92b614ef65a47c900d8e70 (git)
Linux	Linux	Affected: 2.6.34 Unaffected: 0 , < 2.6.34 (semver) Unaffected: 4.4.271 , ≤ 4.4.* (semver) Unaffected: 4.9.271 , ≤ 4.9.* (semver) Unaffected: 4.14.235 , ≤ 4.14.* (semver) Unaffected: 4.19.193 , ≤ 4.19.* (semver) Unaffected: 5.4.124 , ≤ 5.4.* (semver) Unaffected: 5.10.42 , ≤ 5.10.* (semver) Unaffected: 5.12.9 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:54:28.610486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:58.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/smsc75xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "200dbfcad8011e50c3cec269ed7b980836eeb1fa",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "22c840596af0c09068b6cf948616e6496e59e07f",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "9e6a3eccb28779710cbbafc4f4258d92509c6d07",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "b95fb96e6339e34694dd578fb6bde3575b01af17",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "635ac38b36255d3cfb8312cf7c471334f4d537e0",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "70c886ac93f87ae7214a0c69151a28a8075dd95b",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            },
            {
              "lessThan": "46a8b29c6306d8bbfd92b614ef65a47c900d8e70",
              "status": "affected",
              "version": "d0cad871703b898a442e4049c532ec39168e5b57",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/smsc75xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.34"
            },
            {
              "lessThan": "2.6.34",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.193",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.271",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.271",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.235",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.193",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.124",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.42",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.9",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "2.6.34",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix memory leak in smsc75xx_bind\n\nSyzbot reported memory leak in smsc75xx_bind().\nThe problem was is non-freed memory in case of\nerrors after memory allocation.\n\nbacktrace:\n  [\u003cffffffff84245b62\u003e] kmalloc include/linux/slab.h:556 [inline]\n  [\u003cffffffff84245b62\u003e] kzalloc include/linux/slab.h:686 [inline]\n  [\u003cffffffff84245b62\u003e] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460\n  [\u003cffffffff82b5b2e6\u003e] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:49:21.036Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
        },
        {
          "url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
        },
        {
          "url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
        },
        {
          "url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
        }
      ],
      "title": "net: usb: fix memory leak in smsc75xx_bind",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47171",
    "datePublished": "2024-03-25T09:16:22.993Z",
    "dateReserved": "2024-03-25T09:12:14.111Z",
    "dateUpdated": "2026-05-11T13:49:21.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47185 (GCVE-0-2021-47185)

Vulnerability from cvelistv5 – Published: 2024-04-10 18:56 – Updated: 2026-05-11 13:49

Title

tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

Summary

In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound flush_to_ldisc Call trace: dump_backtrace+0x0/0x1ec show_stack+0x24/0x30 dump_stack+0xd0/0x128 panic+0x15c/0x374 watchdog_timer_fn+0x2b8/0x304 __run_hrtimer+0x88/0x2c0 __hrtimer_run_queues+0xa4/0x120 hrtimer_interrupt+0xfc/0x270 arch_timer_handler_phys+0x40/0x50 handle_percpu_devid_irq+0x94/0x220 __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x84/0xfc el1_irq+0xc8/0x180 slip_unesc+0x80/0x214 [slip] tty_ldisc_receive_buf+0x64/0x80 tty_port_default_receive_buf+0x50/0x90 flush_to_ldisc+0xbc/0x110 process_one_work+0x1d4/0x4b0 worker_thread+0x180/0x430 kthread+0x11c/0x120 In the testcase pty04, The first process call the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue running in different core, the sender sends data fastly in full time which will result in workqueue doing work in loop for a long time and occuring softlockup in flush_to_ldisc with kernel configured without preempt. So I add need_resched check and cond_resched in the flush_to_ldisc loop to avoid it.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/0380f643f3a7a61b0…
https://git.kernel.org/stable/c/b1ffc16ec05ae40d8…
https://git.kernel.org/stable/c/4c1623651a0936ee1…
https://git.kernel.org/stable/c/4f300f47dbcf9c3d4…
https://git.kernel.org/stable/c/d491c84df5c469dd9…
https://git.kernel.org/stable/c/77e9fed33056f2a88…
https://git.kernel.org/stable/c/5c34486f04700f1ba…
https://git.kernel.org/stable/c/3968ddcf05fb4b940…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 0380f643f3a7a61b0845cdc738959c2ad5735d61 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 4c1623651a0936ee197859824cdae6ebbd04d3ed (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 4f300f47dbcf9c3d4b2ea76c8554c8f360400725 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < d491c84df5c469dd9621863b6a770b3428137063 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41 (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 5c34486f04700f1ba04907231dce0cc2705c2d7d (git) Affected: 81de916f19cf5f1437c0b9ed817364f0f7c81961 , < 3968ddcf05fb4b9409cd1859feb06a5b0550a1c1 (git)
Linux	Linux	Affected: 3.0 Unaffected: 0 , < 3.0 (semver) Unaffected: 4.4.293 , ≤ 4.4.* (semver) Unaffected: 4.9.291 , ≤ 4.9.* (semver) Unaffected: 4.14.256 , ≤ 4.14.* (semver) Unaffected: 4.19.218 , ≤ 4.19.* (semver) Unaffected: 5.4.162 , ≤ 5.4.* (semver) Unaffected: 5.10.82 , ≤ 5.10.* (semver) Unaffected: 5.15.5 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47185",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-15T14:53:32.237242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T14:14:51.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0380f643f3a7a61b0845cdc738959c2ad5735d61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c1623651a0936ee197859824cdae6ebbd04d3ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f300f47dbcf9c3d4b2ea76c8554c8f360400725"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d491c84df5c469dd9621863b6a770b3428137063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c34486f04700f1ba04907231dce0cc2705c2d7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/tty_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0380f643f3a7a61b0845cdc738959c2ad5735d61",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "4c1623651a0936ee197859824cdae6ebbd04d3ed",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "4f300f47dbcf9c3d4b2ea76c8554c8f360400725",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "d491c84df5c469dd9621863b6a770b3428137063",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "5c34486f04700f1ba04907231dce0cc2705c2d7d",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            },
            {
              "lessThan": "3968ddcf05fb4b9409cd1859feb06a5b0550a1c1",
              "status": "affected",
              "version": "81de916f19cf5f1437c0b9ed817364f0f7c81961",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/tty_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.218",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.293",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.291",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.256",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.218",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.162",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.82",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.5",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: tty_buffer: Fix the softlockup issue in flush_to_ldisc\n\nWhen running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,\nwhich look like this one:\n\n  Workqueue: events_unbound flush_to_ldisc\n  Call trace:\n   dump_backtrace+0x0/0x1ec\n   show_stack+0x24/0x30\n   dump_stack+0xd0/0x128\n   panic+0x15c/0x374\n   watchdog_timer_fn+0x2b8/0x304\n   __run_hrtimer+0x88/0x2c0\n   __hrtimer_run_queues+0xa4/0x120\n   hrtimer_interrupt+0xfc/0x270\n   arch_timer_handler_phys+0x40/0x50\n   handle_percpu_devid_irq+0x94/0x220\n   __handle_domain_irq+0x88/0xf0\n   gic_handle_irq+0x84/0xfc\n   el1_irq+0xc8/0x180\n   slip_unesc+0x80/0x214 [slip]\n   tty_ldisc_receive_buf+0x64/0x80\n   tty_port_default_receive_buf+0x50/0x90\n   flush_to_ldisc+0xbc/0x110\n   process_one_work+0x1d4/0x4b0\n   worker_thread+0x180/0x430\n   kthread+0x11c/0x120\n\nIn the testcase pty04, The first process call the write syscall to send\ndata to the pty master. At the same time, the workqueue will do the\nflush_to_ldisc to pop data in a loop until there is no more data left.\nWhen the sender and workqueue running in different core, the sender sends\ndata fastly in full time which will result in workqueue doing work in loop\nfor a long time and occuring softlockup in flush_to_ldisc with kernel\nconfigured without preempt. So I add need_resched check and cond_resched\nin the flush_to_ldisc loop to avoid it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:49:37.452Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0380f643f3a7a61b0845cdc738959c2ad5735d61"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1ffc16ec05ae40d82b6e373322d62e9d6b54fbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c1623651a0936ee197859824cdae6ebbd04d3ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f300f47dbcf9c3d4b2ea76c8554c8f360400725"
        },
        {
          "url": "https://git.kernel.org/stable/c/d491c84df5c469dd9621863b6a770b3428137063"
        },
        {
          "url": "https://git.kernel.org/stable/c/77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c34486f04700f1ba04907231dce0cc2705c2d7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1"
        }
      ],
      "title": "tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47185",
    "datePublished": "2024-04-10T18:56:25.671Z",
    "dateReserved": "2024-03-25T09:12:14.113Z",
    "dateUpdated": "2026-05-11T13:49:37.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48627 (GCVE-0-2022-48627)

Vulnerability from cvelistv5 – Published: 2024-03-02 21:31 – Updated: 2026-05-11 18:43

Title

vt: fix memory overlapping when deleting chars in the buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/c8686c014b5e872ba…
https://git.kernel.org/stable/c/815be99d934e32929…
https://git.kernel.org/stable/c/bfee93c9a6c395f9a…
https://git.kernel.org/stable/c/57964a5710252bc82…
https://git.kernel.org/stable/c/14d2cc21ca622310b…
https://git.kernel.org/stable/c/39cdb68c64d84e71a…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < c8686c014b5e872ba7e334f33ca553f14446fc29 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 815be99d934e3292906536275f2b8d5131cdf52c (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < bfee93c9a6c395f9aa62268f1cedf64999844926 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 57964a5710252bc82fe22d9fa98c180c58c20244 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 14d2cc21ca622310babf373e3a8f0b40acfe8265 (git) Affected: 81732c3b2fede049a692e58a7ceabb6d18ffb18c , < 39cdb68c64d84e71a4a717000b6e5de208ee60cc (git)
Linux	Linux	Affected: 3.7 Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.312 , ≤ 4.19.* (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.132 , ≤ 5.10.* (semver) Unaffected: 5.15.56 , ≤ 5.15.* (semver) Unaffected: 5.18.13 , ≤ 5.18.* (semver) Unaffected: 5.19 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48627",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T14:23:17.504508Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:04:55.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:55.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/vt/vt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c8686c014b5e872ba7e334f33ca553f14446fc29",
              "status": "affected",
              "version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
              "versionType": "git"
            },
            {
              "lessThan": "815be99d934e3292906536275f2b8d5131cdf52c",
              "status": "affected",
              "version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
              "versionType": "git"
            },
            {
              "lessThan": "bfee93c9a6c395f9aa62268f1cedf64999844926",
              "status": "affected",
              "version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
              "versionType": "git"
            },
            {
              "lessThan": "57964a5710252bc82fe22d9fa98c180c58c20244",
              "status": "affected",
              "version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
              "versionType": "git"
            },
            {
              "lessThan": "14d2cc21ca622310babf373e3a8f0b40acfe8265",
              "status": "affected",
              "version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
              "versionType": "git"
            },
            {
              "lessThan": "39cdb68c64d84e71a4a717000b6e5de208ee60cc",
              "status": "affected",
              "version": "81732c3b2fede049a692e58a7ceabb6d18ffb18c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/vt/vt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.132",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.132",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.56",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.13",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by using replacing the scr_memcpyw with scr_memmovew."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T18:43:59.424Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29"
        },
        {
          "url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926"
        },
        {
          "url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244"
        },
        {
          "url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265"
        },
        {
          "url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc"
        }
      ],
      "title": "vt: fix memory overlapping when deleting chars in the buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48627",
    "datePublished": "2024-03-02T21:31:48.383Z",
    "dateReserved": "2024-02-25T13:44:28.314Z",
    "dateUpdated": "2026-05-11T18:43:59.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2024:3618

Vulnerability from osv_almalinux

CVE-2019-25162 (GCVE-0-2019-25162)

CVE-2020-36777 (GCVE-0-2020-36777)

CVE-2021-46934 (GCVE-0-2021-46934)

CVE-2021-47013 (GCVE-0-2021-47013)

CVE-2021-47055 (GCVE-0-2021-47055)

CVE-2021-47118 (GCVE-0-2021-47118)

CVE-2021-47153 (GCVE-0-2021-47153)

CVE-2021-47171 (GCVE-0-2021-47171)

CVE-2021-47185 (GCVE-0-2021-47185)

CVE-2022-48627 (GCVE-0-2022-48627)

Tags

Sightings

Nomenclature