github - ghsa-3pg2-q6q7-9rmm

ghsa-3pg2-q6q7-9rmm

Vulnerability from github

Published

2024-05-22 09:31

Modified

2025-01-10 18:31

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adis16475: fix deadlock on frequency set

With commit 39c024b51b560 ("iio: adis16475: improve sync scale mode handling"), two deadlocks were introduced: 1) The call to 'adis_write_reg_16()' was not changed to it's unlocked version. 2) The lock was not being released on the success path of the function.

This change fixes both these issues.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-47437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adis16475: fix deadlock on frequency set\n\nWith commit 39c024b51b560\n(\"iio: adis16475: improve sync scale mode handling\"), two deadlocks were\nintroduced:\n 1) The call to \u0027adis_write_reg_16()\u0027 was not changed to it\u0027s unlocked\n    version.\n 2) The lock was not being released on the success path of the function.\n\nThis change fixes both these issues.",
  "id": "GHSA-3pg2-q6q7-9rmm",
  "modified": "2025-01-10T18:31:38Z",
  "published": "2024-05-22T09:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47437"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04e03b907022ebd876f422f17efcc2c6cc934dc6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9da1b86865ab4376408c58cd9fec332c8bdb5c73"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-47437 (GCVE-0-2021-47437)

Vulnerability from cvelistv5

Published

2024-05-22 06:19

Modified

2025-05-04 07:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: iio: adis16475: fix deadlock on frequency set With commit 39c024b51b560 ("iio: adis16475: improve sync scale mode handling"), two deadlocks were introduced: 1) The call to 'adis_write_reg_16()' was not changed to it's unlocked version. 2) The lock was not being released on the success path of the function. This change fixes both these issues.

References

URL

Tags

	https://git.kernel.org/stable/c/04e03b907022ebd876f422f17efcc2c6cc934dc6
	https://git.kernel.org/stable/c/9da1b86865ab4376408c58cd9fec332c8bdb5c73

Impacted products

Vendor

Product

Version

Version: 39c024b51b5607e9d2fc6c04c2573e4a778c728d
Version: 39c024b51b5607e9d2fc6c04c2573e4a778c728d

Version: 5.13

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47437",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T18:17:08.445721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:58.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04e03b907022ebd876f422f17efcc2c6cc934dc6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9da1b86865ab4376408c58cd9fec332c8bdb5c73"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/imu/adis16475.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "04e03b907022ebd876f422f17efcc2c6cc934dc6",
              "status": "affected",
              "version": "39c024b51b5607e9d2fc6c04c2573e4a778c728d",
              "versionType": "git"
            },
            {
              "lessThan": "9da1b86865ab4376408c58cd9fec332c8bdb5c73",
              "status": "affected",
              "version": "39c024b51b5607e9d2fc6c04c2573e4a778c728d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iio/imu/adis16475.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.14.14",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adis16475: fix deadlock on frequency set\n\nWith commit 39c024b51b560\n(\"iio: adis16475: improve sync scale mode handling\"), two deadlocks were\nintroduced:\n 1) The call to \u0027adis_write_reg_16()\u0027 was not changed to it\u0027s unlocked\n    version.\n 2) The lock was not being released on the success path of the function.\n\nThis change fixes both these issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:10:52.176Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/04e03b907022ebd876f422f17efcc2c6cc934dc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/9da1b86865ab4376408c58cd9fec332c8bdb5c73"
        }
      ],
      "title": "iio: adis16475: fix deadlock on frequency set",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47437",
    "datePublished": "2024-05-22T06:19:32.879Z",
    "dateReserved": "2024-05-21T14:58:30.831Z",
    "dateUpdated": "2025-05-04T07:10:52.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.