CVE-2021-47143

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/smc: remove device from smcd_dev_list after failed device_add()

If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list.

Add some error handling that removes the device from the list.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc6ba7c9ba43de1b57e9a53946e7ff988554c84ed < 8b2cdc004d21a7255f219706dca64411108f7897affected
LinuxLinuxc6ba7c9ba43de1b57e9a53946e7ff988554c84ed < 40588782f1016c655ae1d302892f61d35af96842affected
LinuxLinuxc6ba7c9ba43de1b57e9a53946e7ff988554c84ed < 444d7be9532dcfda8e0385226c862fd7e986f607affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux5.10.42 <= 5.10.*unaffected
LinuxLinux5.12.9 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References