Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47334
HistoryMay 21, 2024 - 2:35 p.m.

CVE-2021-47334 misc/libmasm/module: Fix two use after free in ibmasm_init_one

2024-05-2114:35:44
Linux
www.cve.org
linux kernel
vulnerability
ibmasm_init_one
use after free
input_allocate_device
input_free_device
uaf bugs

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

misc/libmasm/module: Fix two use after free in ibmasm_init_one

In ibmasm_init_one, it calls ibmasm_init_remote_input_dev().
Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are
allocated by input_allocate_device(), and assigned to
sp->remote.mouse_dev and sp->remote.keybd_dev respectively.

In the err_free_devices error branch of ibmasm_init_one,
mouse_dev and keybd_dev are freed by input_free_device(), and return
error. Then the execution runs into error_send_message error branch
of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called
to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev.

My patch add a “error_init_remote” label to handle the error of
ibmasm_init_remote_input_dev(), to avoid the uaf bugs.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/misc/ibmasm/module.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "1512e7dc5eb0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "29ba8e2ba89e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "5b06ca113bf1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "481a76d4749e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "38660031e80e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "b9c87ce3bc63",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "ef1067d2baa8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "a7268e8a227d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "7272b591c4cb",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/misc/ibmasm/module.c"
    ],
    "versions": [
      {
        "version": "4.4.276",
        "lessThanOrEqual": "4.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.276",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.240",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.198",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.134",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.52",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.12.19",
        "lessThanOrEqual": "5.12.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13.4",
        "lessThanOrEqual": "5.13.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

nvd 1
ubuntucve 1
vulnrichment 1
redhatcve 1
debiancve 1
cve 1
nessus 5
openvas 1
nvd
nvd
CVE-2021-47334
2024-05-21 15:15:20
ubuntucve
ubuntucve
CVE-2021-47334
2024-05-21 00:00:00
vulnrichment
vulnrichment
CVE-2021-47334 misc/libmasm/module: Fix two use after free in ibmasm_init_one
2024-05-21 14:35:44
redhatcve
redhatcve
CVE-2021-47334
2024-05-22 11:57:33
debiancve
debiancve
CVE-2021-47334
2024-05-21 15:15:20
cve
cve
CVE-2021-47334
2024-05-21 15:15:20
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)
2024-06-25 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)
2024-06-25 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)
2024-06-25 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1979-1)
2024-06-12 00:00:00

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON
Related for CVELIST:CVE-2021-47334
nvd1ubuntucve1vulnrichment1redhatcve1debiancve1cve1nessus5openvas1