Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47081
HistoryMar 01, 2024 - 9:15 p.m.

CVE-2021-47081 habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory

2024-03-0121:15:16
Linux
www.cve.org
7
cve-2021-47081
habanalabs
gaudi
potential use after free
gaudi_memset_device_memory
uaf
cb->id

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory

Our code analyzer reported a uaf.

In gaudi_memset_device_memory, cb is get via hl_cb_kernel_create()
with 2 refcount.
If hl_cs_allocate_job() failed, the execution runs into release_cb
branch. One ref of cb is dropped by hl_cb_put(cb) and could be freed
if other thread also drops one ref. Then cb is used by cb->id later,
which is a potential uaf.

My patch add a variable ‘id’ to accept the value of cb->id before the
hl_cb_put(cb) is called, to avoid the potential uaf.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/misc/habanalabs/gaudi/gaudi.c"
    ],
    "versions": [
      {
        "version": "423815bf02e2",
        "lessThan": "b49f5af30b0e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "423815bf02e2",
        "lessThan": "115726c5d312",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/misc/habanalabs/gaudi/gaudi.c"
    ],
    "versions": [
      {
        "version": "5.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.12",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.12.7",
        "lessThanOrEqual": "5.12.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

nvd 1
prion 1
vulnrichment 1
ubuntucve 1
debiancve 1
redhatcve 1
cve 1
nessus 2
nvd
nvd
CVE-2021-47081
2024-03-01 22:15:47
prion
prion
Spoofing
2024-03-01 22:15:00
vulnrichment
vulnrichment
CVE-2021-47081 habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
2024-03-01 21:15:16
ubuntucve
ubuntucve
CVE-2021-47081
2024-03-01 00:00:00
debiancve
debiancve
CVE-2021-47081
2024-03-01 22:15:47
redhatcve
redhatcve
CVE-2021-47081
2024-03-03 10:01:50
cve
cve
CVE-2021-47081
2024-03-01 22:15:47
nessus
nessus
RHEL 6 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for CVELIST:CVE-2021-47081
nvd1prion1vulnrichment1ubuntucve1debiancve1redhatcve1cve1nessus2