CVE-2021-47500

Summary

In the Linux kernel, the following vulnerability has been resolved:

iio: mma8452: Fix trigger reference couting

The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call iio_trigger_put() to drop the reference count by 1.

Without the matching iio_trigger_get() in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs.

Fix this by getting a reference to the trigger before assigning it to the IIO device.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < 094d513b78b1714113bc016684b8142382e071baaffected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < fb75cc4740d81264cd5bcb0e17d961d018a8be96affected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < 794c0898f6bf39a458655d5fb4af70ec43a5cfcbaffected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < f5deab10ced368c807866283f8b79144c4823be8affected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < acf0088ac073ca6e7f4cad6acac112177e08df5eaffected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < db12d95085367de8b0223929d1332731024441f1affected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < c43517071dfc9fce34f8f69dbb98a86017f6b739affected
LinuxLinuxae6d9ce05691bf79694074db7c7da980080548af < cd0082235783f814241a1c9483fb89e405f4f892affected
LinuxLinux4.2affected
LinuxLinux0 < 4.2unaffected
LinuxLinux4.4.295 <= 4.4.*unaffected
LinuxLinux4.9.293 <= 4.9.*unaffected
LinuxLinux4.14.258 <= 4.14.*unaffected
LinuxLinux4.19.221 <= 4.19.*unaffected
LinuxLinux5.4.165 <= 5.4.*unaffected
LinuxLinux5.10.85 <= 5.10.*unaffected
LinuxLinux5.15.8 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References