CVE-2021-47048

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op

When handling op->addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store op->addr.val and op->cmd.opcode to fix this issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e < 1231279389b5e638bc3b66b9741c94077aed4b5aaffected
LinuxLinux1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e < d67e0d6bd92ebbb0294e7062bbf5cdc773764e62affected
LinuxLinux1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e < 23269ac9f123eca3aea7682d3345c02e71ed696caffected
LinuxLinux1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e < a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.37 <= 5.10.*unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References