CVE-2021-47500

May 24, 2024, 6:09 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1. Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs. Fix this by getting a reference to the trigger before assigning it to the IIO device.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba
https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb
https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e
https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739
https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892
https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1
https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8
https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-24
CVE-2021-47500

Timeline

Published: May 24, 2024, 3:15 p.m.
Last Modified: May 24, 2024, 6:09 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.