CVE-2021-47195

spi: fix use-after-free of the add_lock mutex

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
SPI buses") introduced a per-controller mutex. But mutex_unlock() of
said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock().

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: corrige el use-after-free del mutex add_lock. El commit 6098475d4cb4 ("spi: corrige el punto muerto al agregar controladores SPI en buses SPI") introdujo un mutex por controlador. Pero mutex_unlock() de dicho bloqueo se llama después de que el controlador ya está liberado: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Mueva put_device() después el mutex_unlock().

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock().

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-25 CVE Reserved
2024-04-10 CVE Published
2024-11-18 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/6098475d4cb48d821bdf453c61118c56e26294f0	Vuln. Introduced
https://git.kernel.org/stable/c/722ef19a161ce3fffb3d1b01ce2301c306639bdd	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d	2021-11-25
https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434	2021-11-12
https://git.kernel.org/stable/c/54c2c96eafcfd242e52e932ab54ace4784efe1dd	2024-11-17
https://git.kernel.org/stable/c/11eab327a2a8bd36c38afbff920ae1bd45588dd4	2024-11-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14.15 Search vendor "Linux" for product "Linux Kernel" and version "5.14.15"		en		Affected