CVE-2021-47583

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: mxl111sf: change mutex_init() location

Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location.

Previous mutex_init(&state->msg_lock) call was in ->init() function, but dvb_usbv2_init() has this order of calls:

dvb_usbv2_init()
  dvb_usbv2_adapter_init()
    dvb_usbv2_adapter_frontend_init()
      props->frontend_attach()

  props->init()

Since mxl111sf_* devices call mxl111sf_ctrl_msg() in ->frontend_attach() internally we need to initialize state->msg_lock before frontend_attach(). To achieve it, ->probe() call added to all mxl111sf_* devices, which will simply initiaize mutex.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8572211842afc53c8450fb470f2b8d02ba7592e0 < 4b2d9600b31f9ba7adbc9f3c54a068615d27b390affected
LinuxLinux8572211842afc53c8450fb470f2b8d02ba7592e0 < 96f182c9f48b984447741f054ec301fdc8517035affected
LinuxLinux8572211842afc53c8450fb470f2b8d02ba7592e0 < b99bdf127af91d53919e96292c05f737c45ea59aaffected
LinuxLinux8572211842afc53c8450fb470f2b8d02ba7592e0 < 8c6fdf62bfe1bc72bfceeaf832ef7499c7ed09baaffected
LinuxLinux8572211842afc53c8450fb470f2b8d02ba7592e0 < 44870a9e7a3c24acbb3f888b2a7cc22c9bdf7e7faffected
LinuxLinux3.7affected
LinuxLinux0 < 3.7unaffected
LinuxLinux4.19.222 <= 4.19.*unaffected
LinuxLinux5.4.168 <= 5.4.*unaffected
LinuxLinux5.10.88 <= 5.10.*unaffected
LinuxLinux5.15.11 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References