CVE-2021-47361

Summary

In the Linux kernel, the following vulnerability has been resolved:

mcb: fix error handling in mcb_alloc_bus()

There are two bugs:

  1. If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free.
  2. After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 8a558261fa57a6deefb0925ab1829f698b194aeaaffected
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 115b07d9f47e3996430b8f2007edd9768e1f807faffected
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 66f74ba9be9daf9c47fface6af3677f602774f6baffected
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 7751f609eadf36b1f53712bae430019c53a16eb0affected
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 91e4ad05bf18322b5921d1a6c9b603f6eb1694f0affected
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 9fc198f415dee070a1de957bb5bf5921d8df3499affected
LinuxLinux18d28819809909c3f24bb72183a901c5e332a63d < 25a1433216489de4abc889910f744e952cb6dbaeaffected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux4.9.285 <= 4.9.*unaffected
LinuxLinux4.14.249 <= 4.14.*unaffected
LinuxLinux4.19.209 <= 4.19.*unaffected
LinuxLinux5.4.150 <= 5.4.*unaffected
LinuxLinux5.10.70 <= 5.10.*unaffected
LinuxLinux5.14.9 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References