CVE-2021-47334
Linux kernel Vendor Use After Free
Description
In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev. My patch add a "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs.
INFO
Published Date :
May 21, 2024, 3:15 p.m.
Last Modified :
Dec. 26, 2024, 7:25 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
5.9
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2021-47334.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2021-47334 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2021-47334 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Dec. 26, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE NIST CWE-416 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.4.276 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.276 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.240 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.198 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.134 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.52 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.12.19 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.13 up to (excluding) 5.13.4 Changed Reference Type https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 No Types Assigned https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 Patch Changed Reference Type https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 No Types Assigned https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 Patch Changed Reference Type https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a No Types Assigned https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a Patch Changed Reference Type https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a No Types Assigned https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a Patch Changed Reference Type https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d No Types Assigned https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d Patch Changed Reference Type https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d No Types Assigned https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d Patch Changed Reference Type https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e No Types Assigned https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e Patch Changed Reference Type https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e No Types Assigned https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e Patch Changed Reference Type https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab No Types Assigned https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab Patch Changed Reference Type https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab No Types Assigned https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab Patch Changed Reference Type https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae No Types Assigned https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae Patch Changed Reference Type https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae No Types Assigned https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae Patch Changed Reference Type https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 No Types Assigned https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 Patch Changed Reference Type https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 No Types Assigned https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 Patch Changed Reference Type https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 No Types Assigned https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 Patch Changed Reference Type https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 No Types Assigned https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 Patch Changed Reference Type https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c No Types Assigned https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c Patch Changed Reference Type https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c No Types Assigned https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c Patch -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 Added Reference https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a Added Reference https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d Added Reference https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e Added Reference https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab Added Reference https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae Added Reference https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 Added Reference https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 Added Reference https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 28, 2024
Action Type Old Value New Value -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 21, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev. My patch add a "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs. Added Reference kernel.org https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2021-47334 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2021-47334
weaknesses.