CVE-2021-47334

In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev. My patch add a "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069	Patch
https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a	Patch
https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d	Patch
https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e	Patch
https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab	Patch
https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae	Patch
https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274	Patch
https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3	Patch
https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c	Patch
https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069	Patch
https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a	Patch
https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d	Patch
https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e	Patch
https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab	Patch
https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae	Patch
https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274	Patch
https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3	Patch
https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

26 Dec 2024, 19:25

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 -~~	() https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 - Patch
References	~~() https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a -~~	() https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a - Patch
References	~~() https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d -~~	() https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d - Patch
References	~~() https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e -~~	() https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e - Patch
References	~~() https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab -~~	() https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab - Patch
References	~~() https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae -~~	() https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae - Patch
References	~~() https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 -~~	() https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 - Patch
References	~~() https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 -~~	() https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 - Patch
References	~~() https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c -~~	() https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416

Information

Published : 2024-05-21 15:15

Updated : 2024-12-26 19:25

NVD link : CVE-2021-47334

Mitre link : CVE-2021-47334

CVE.ORG link : CVE-2021-47334

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10