In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free of the add_lock mutex
Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
SPI buses") introduced a per-controller mutex. But mutex_unlock() of
said lock is called after the controller is already freed:
spi_unregister_controller(ctlr)
-> put_device(&ctlr->dev)
-> spi_controller_release(dev)
-> mutex_unlock(&ctrl->add_lock)
Move the put_device() after the mutex_unlock().
References
Configurations
History
17 Nov 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
19 Apr 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | () https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d - Patch | |
References | () https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Linux linux Kernel
Linux |
10 Apr 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-10 19:15
Updated : 2024-11-17 15:15
NVD link : CVE-2021-47195
Mitre link : CVE-2021-47195
CVE.ORG link : CVE-2021-47195
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free