History: May 21, 2024 - 2:19 p.m.

CVE-2021-47239 net: usb: fix possible use-after-free in smsc75xx_bind

2024-05-21 14:19:39
Linux
www.cve.org

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 13.1%)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: fix possible use-after-free in smsc75xx_bind

The commit 46a8b29c6306 (“net: usb: fix memory leak in smsc75xx_bind”)
fails to clean up the work scheduled in smsc75xx_reset->
smsc75xx_set_multicast, which leads to use-after-free if the work is
scheduled to start after the deallocation. In addition, this patch
also removes a dangling pointer - dev->data[0].

This patch calls cancel_work_sync to cancel the scheduled work and set
the dangling pointer to NULL.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/usb/smsc75xx.c"
    ],
    "versions": [
      {
        "version": "200dbfcad801",
        "lessThan": "7cc8b2e05fce",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "22c840596af0",
        "lessThan": "64160d1741a3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9e6b8c1ff9d9",
        "lessThan": "c4e3be2e7742",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9e6a3eccb287",
        "lessThan": "2fc8300c9cfa",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b95fb96e6339",
        "lessThan": "4252bf6c2b24",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "635ac38b3625",
        "lessThan": "570a52cf3e01",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "70c886ac93f8",
        "lessThan": "14616c372a7b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "46a8b29c6306",
        "lessThan": "56b786d86694",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/usb/smsc75xx.c"
    ],
    "versions": [
      {
        "version": "4.4.271",
        "lessThan": "4.4.274",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.9.271",
        "lessThan": "4.9.274",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.14.235",
        "lessThan": "4.14.238",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.19.193",
        "lessThan": "4.19.196",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.4.124",
        "lessThan": "5.4.128",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.10.42",
        "lessThan": "5.10.46",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.12.9",
        "lessThan": "5.12.13",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
