CVE-2021-47480

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Put LLD module refcnt after SCSI device is released

SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is released because shost->hostt is required in the release handler.

Make sure to put LLD module refcnt after SCSI device is released.

Fixes a kernel panic of 'BUG: unable to handle page fault for address' reported by Changhui and Yi.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < 1105573d964f7b78734348466b01f5f6ba8a1813affected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < 8e4814a461787e15a31d322d9efbe0d4f6822428affected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < 61a0faa89f21861d1f8d059123b5c285a5d9ffeeaffected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < c2df161f69fb1c67f63adbd193368b47f511edc0affected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < 1ce287eff9f23181d5644db787f472463a61f68baffected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < 7b57c38d12aed1b5d92f74748bed25e0d041729faffected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < f30822c0b4c35ec86187ab055263943dc71a6836affected
LinuxLinux65110b2168950a19cc78b5027ed18cb811fbdae8 < f2b85040acec9a928b4eb1b57a989324e8e38d3faffected
LinuxLinux2.6.16affected
LinuxLinux0 < 2.6.16unaffected
LinuxLinux4.4.292 <= 4.4.*unaffected
LinuxLinux4.9.290 <= 4.9.*unaffected
LinuxLinux4.14.255 <= 4.14.*unaffected
LinuxLinux4.19.216 <= 4.19.*unaffected
LinuxLinux5.4.158 <= 5.4.*unaffected
LinuxLinux5.10.78 <= 5.10.*unaffected
LinuxLinux5.14.17 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References