CVE-2021-47058 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debugfs_name. With below function invoking logical, debugfs_name is freed in regmap_debugfs_exit(), but it is not created again because of the if condition introduced by above commit. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_debugfs_init() So, set debugfs_name to NULL after it is freed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867
https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a
https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d
https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52
https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268
https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6
https://lore.kernel.org/linux-cve-announce/2024022951-CVE-2021-47058-3130@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2021-47058
https://www.cve.org/CVERecord?id=CVE-2021-47058

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-29T22:37:33.232Z

Updated: 2024-11-04T11:58:37.220Z

Reserved: 2024-02-29T22:33:44.294Z

Link: CVE-2021-47058

Vulnrichment

Updated: 2024-08-04T05:24:39.586Z

NVD

Status : Awaiting Analysis

Published: 2024-02-29T23:15:07.640

Modified: 2024-03-01T14:04:26.010

Link: CVE-2021-47058

Redhat

Severity : Low

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2021-47058 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47058", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-29T22:33:44.294Z", "datePublished": "2024-02-29T22:37:33.232Z", "dateUpdated": "2024-11-04T11:58:37.220Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:58:37.220Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regmap-debugfs.c"], "versions": [{"version": "5b654b030079", "lessThan": "2dc1554d5f0f", "status": "affected", "versionType": "git"}, {"version": "480c5e9c7e4c", "lessThan": "d8897f7b2283", "status": "affected", "versionType": "git"}, {"version": "c9698380b01a", "lessThan": "eb949f891226", "status": "affected", "versionType": "git"}, {"version": "cffa4b2122f5", "lessThan": "c764e375ae64", "status": "affected", "versionType": "git"}, {"version": "cffa4b2122f5", "lessThan": "b9e569ae1da3", "status": "affected", "versionType": "git"}, {"version": "cffa4b2122f5", "lessThan": "e41a962f82e7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regmap-debugfs.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.191", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.119", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867"}, {"url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52"}, {"url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6"}, {"url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d"}, {"url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a"}, {"url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268"}], "title": "regmap: set debugfs_name to NULL after it is freed", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47058", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:52:46.074960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:13.511Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.586Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.586Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47058", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:52:46.074960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.422Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "regmap: set debugfs_name to NULL after it is freed", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5b654b030079", "lessThan": "2dc1554d5f0f", "versionType": "git"}, {"status": "affected", "version": "480c5e9c7e4c", "lessThan": "d8897f7b2283", "versionType": "git"}, {"status": "affected", "version": "c9698380b01a", "lessThan": "eb949f891226", "versionType": "git"}, {"status": "affected", "version": "cffa4b2122f5", "lessThan": "c764e375ae64", "versionType": "git"}, {"status": "affected", "version": "cffa4b2122f5", "lessThan": "b9e569ae1da3", "versionType": "git"}, {"status": "affected", "version": "cffa4b2122f5", "lessThan": "e41a962f82e7", "versionType": "git"}], "programFiles": ["drivers/base/regmap/regmap-debugfs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.191", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.119", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/base/regmap/regmap-debugfs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867"}, {"url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52"}, {"url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6"}, {"url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d"}, {"url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a"}, {"url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:58:37.220Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47058", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:58:37.220Z", "dateReserved": "2024-02-29T22:33:44.294Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T22:37:33.232Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: regmap: establece debugfs_name en NULL despu\u00e9s de liberarlo. Hay una confirmaci\u00f3n ascendente cffa4b2122f5(\"regmap:debugfs: corrige una p\u00e9rdida de memoria al llamar a regmap_attach_dev\") que agrega una condici\u00f3n if al crear nombre para debugfs_name. Con la siguiente funci\u00f3n que invoca l\u00f3gica, debugfs_name se libera en regmap_debugfs_exit(), pero no se vuelve a crear debido a la condici\u00f3n if introducida por la confirmaci\u00f3n anterior. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_debugfs_init() Entonces, establezca debugfs_name en NULL despu\u00e9s de liberarlo."}], "id": "CVE-2021-47058", "lastModified": "2024-03-01T14:04:26.010", "metrics": {}, "published": "2024-02-29T23:15:07.640", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2dc1554d5f0fdaf47cc5bea442b84b9226fea867"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b9e569ae1da3a113b3acee8703c94777fd20938a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c764e375ae647832de1ee73d43a4bb3ef8a8f43d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d8897f7b2283a500666c85ef06e820df38ed7b52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e41a962f82e7afb5b1ee644f48ad0b3aee656268"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eb949f891226c012138ffd9df90d1e509f428ae6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: use-after-free regmap: set debugfs_name to NULL after it is freed", "id": "2267179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267179"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nregmap: set debugfs_name to NULL after it is freed\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\nregmap_debugfs_exit()\n...\nregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed."], "name": "CVE-2021-47058", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47058\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47058\nhttps://lore.kernel.org/linux-cve-announce/2024022951-CVE-2021-47058-3130@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 4.19.191, kernel 5.4.119, kernel 5.10.37, kernel 5.11.21, kernel 5.12.4, kernel 5.13"}