CVE-2021-47327

Summary

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails

arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0.

The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak.

Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd4a44f0750bb9bf7c44c22444a482756b2344a79 < 3761ae0d0e549f2acdaf11f49df4ed06d256b20faffected
LinuxLinuxd4a44f0750bb9bf7c44c22444a482756b2344a79 < c4007596fbdabc29f858dc2e1990858a146b60b2affected
LinuxLinuxd4a44f0750bb9bf7c44c22444a482756b2344a79 < fbf4daa6f4105e01fbd3868006f65c163365c1e3affected
LinuxLinuxd4a44f0750bb9bf7c44c22444a482756b2344a79 < fe92c058199067ae90cf2a901ddf3c271893557aaffected
LinuxLinuxd4a44f0750bb9bf7c44c22444a482756b2344a79 < 1adf30f198c26539a62d761e45af72cde570413daffected
LinuxLinux5.0affected
LinuxLinux0 < 5.0unaffected
LinuxLinux5.4.134 <= 5.4.*unaffected
LinuxLinux5.10.52 <= 5.10.*unaffected
LinuxLinux5.12.19 <= 5.12.*unaffected
LinuxLinux5.13.4 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References