CVE-2021-47653

EUVD-2021-34652

26.02.2025, 06:37

In the Linux kernel, the following vulnerability has been resolved:

media: davinci: vpif: fix use-after-free on driver unbind

The driver allocates and registers two platform device structures during
probe, but the devices were never deregistered on driver unbind.

This results in a use-after-free on driver unbind as the device
structures were allocated using devres and would be freed by driver
core when remove() returns.

Fix this by adding the missing deregistration calls to the remove()
callback and failing probe on registration errors.

Note that the platform device structures must be freed using a proper
release callback to avoid leaking associated resources like device
names.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	4.13 ≤ 𝑥 < 5.15.54
linux	linux_kernel	5.16 ≤ 𝑥 < 5.16.19
linux	linux_kernel	5.17 ≤ 𝑥 < 5.17.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.123-1 fixed
bookworm (security)	6.1.128-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
sid	6.12.16-1 fixed
trixie	6.12.12-1 fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/43acb728bbc40169d2e2425e84a80068270974be

https://git.kernel.org/stable/c/6512c3c39cb6b573b791ce45365818a38b76afbe

https://git.kernel.org/stable/c/9ffc602e14d7b9f7e7cb2f67e18dfef9ef8af676

https://git.kernel.org/stable/c/b5a3bb7f6f164eb6ee74ef4898dcd019b2063448