CVE-2021-47358

Summary

In the Linux kernel, the following vulnerability has been resolved:

staging: greybus: uart: fix tty use after free

User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone.

Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < 92b67aaafb7c449db9f0c3dcabc0ff967cb3a42daffected
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < 64062fcaca8872f063ec9da011e7bf30470be33faffected
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < a5cfd51f6348e8fd7531461366946039c29c7e69affected
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < 4dc56951a8d9d61d364d346c61a5f1d70b4f5e14affected
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < b9e697e60ce9890e9258a73eb061288e7d68e5e6affected
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < 9872ff6fdce8b229f01993b611b5d1719cb70ff1affected
LinuxLinuxa18e15175708d39abbe9746ddc3479466b7800c3 < 92dc0b1f46e12cfabd28d709bb34f7a39431b44faffected
LinuxLinux4.9affected
LinuxLinux0 < 4.9unaffected
LinuxLinux4.9.285 <= 4.9.*unaffected
LinuxLinux4.14.249 <= 4.14.*unaffected
LinuxLinux4.19.209 <= 4.19.*unaffected
LinuxLinux5.4.150 <= 5.4.*unaffected
LinuxLinux5.10.70 <= 5.10.*unaffected
LinuxLinux5.14.9 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References