CVE-2021-47327

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure.
Configurations

No configuration.

History

03 Jul 2024, 01:37

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de refcount de arm_smmu_device cuando falla arm_smmu_rpm_get arm_smmu_rpm_get() invoca pm_runtime_get_sync(), lo que aumenta el refcount de "smmu" aunque el valor de retorno sea menor que 0. El problema del conteo de referencias ocurre en algunas rutas de manejo de errores de arm_smmu_rpm_get() en sus funciones de llamada. Cuando arm_smmu_rpm_get() falla, las funciones de la persona que llama se olvidan de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. Solucione este problema llamando a pm_runtime_resume_and_get() en lugar de pm_runtime_get_sync() en arm_smmu_rpm_get(), lo que puede mantener el recuento equilibrado en caso de fallo.
CWE CWE-911
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1

21 May 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-21 15:15

Updated : 2024-07-03 01:37


NVD link : CVE-2021-47327

Mitre link : CVE-2021-47327

CVE.ORG link : CVE-2021-47327


JSON object : View

Products Affected

No product.

CWE
CWE-911

Improper Update of Reference Count