{ "id": "CVE-2021-47195", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-10T19:15:47.853", "lastModified": "2024-11-21T06:35:36.413", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix use-after-free of the add_lock mutex\n\nCommit 6098475d4cb4 (\"spi: Fix deadlock when adding SPI controllers on\nSPI buses\") introduced a per-controller mutex. But mutex_unlock() of\nsaid lock is called after the controller is already freed:\n\n spi_unregister_controller(ctlr)\n -> put_device(&ctlr->dev)\n -> spi_controller_release(dev)\n -> mutex_unlock(&ctrl->add_lock)\n\nMove the put_device() after the mutex_unlock()." }, { "lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: spi: corrige el use-after-free del mutex add_lock. El commit 6098475d4cb4 (\"spi: corrige el punto muerto al agregar controladores SPI en buses SPI\") introdujo un mutex por controlador. Pero mutex_unlock() de dicho bloqueo se llama despu\u00e9s de que el controlador ya est\u00e1 liberado: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Mueva put_device() despu\u00e9s el mutex_unlock()." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-416" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartExcluding": "5.15.0", "versionEndExcluding": "5.15.5", "matchCriteriaId": "9E41D489-7457-4244-B477-AF077373C777" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/11eab327a2a8bd36c38afbff920ae1bd45588dd4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/54c2c96eafcfd242e52e932ab54ace4784efe1dd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] } ] }