CVE-2021-47235 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ec_bhf_remove static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(net_dev); unregister_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io); ... } priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pci_iounmap() calls.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2
https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a
https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6
https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea
https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6
https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb
https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130
https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8
https://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47235-1fb6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47235
https://www.cve.org/CVERecord?id=CVE-2021-47235

History

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:19:37.070Z

Updated: 2024-11-04T12:02:01.835Z

Reserved: 2024-04-10T18:59:19.531Z

Link: CVE-2021-47235

Vulnrichment

Updated: 2024-08-04T05:32:07.501Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:12.777

Modified: 2024-05-21T16:54:26.047

Link: CVE-2021-47235

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47235 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47235", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.531Z", "datePublished": "2024-05-21T14:19:37.070Z", "dateUpdated": "2024-11-04T12:02:01.835Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:02:01.835Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv->dma_io);\n\tpci_iounmap(dev, priv->io);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ec_bhf.c"], "versions": [{"version": "6af55ff52b02", "lessThan": "db2bc3cfd2bc", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "1cafc540b7bf", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "b1ad28375509", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "0260916843cc", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "19f88ca68ccf", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "95deeb29d831", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "d11d79e52ba0", "status": "affected", "versionType": "git"}, {"version": "6af55ff52b02", "lessThan": "9cca0c2d7014", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ec_bhf.c"], "versions": [{"version": "3.15", "status": "affected"}, {"version": "0", "lessThan": "3.15", "status": "unaffected", "versionType": "semver"}, {"version": "4.4.274", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.274", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.238", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.196", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.128", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.46", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.13", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"}, {"url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"}, {"url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"}, {"url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"}, {"url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"}, {"url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"}, {"url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"}, {"url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"}], "title": "net: ethernet: fix potential use-after-free in ec_bhf_remove", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:38:04.934934Z", "id": "CVE-2021-47235", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:40:03.824Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.501Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.501Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47235", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:38:04.934934Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:38:05.922Z"}}], "cna": {"title": "net: ethernet: fix potential use-after-free in ec_bhf_remove", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6af55ff52b02", "lessThan": "db2bc3cfd2bc", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "1cafc540b7bf", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "b1ad28375509", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "0260916843cc", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "19f88ca68ccf", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "95deeb29d831", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "d11d79e52ba0", "versionType": "git"}, {"status": "affected", "version": "6af55ff52b02", "lessThan": "9cca0c2d7014", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/ec_bhf.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.15"}, {"status": "unaffected", "version": "0", "lessThan": "3.15", "versionType": "semver"}, {"status": "unaffected", "version": "4.4.274", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.274", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.238", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.196", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.128", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.46", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.13", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "semver", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/ec_bhf.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"}, {"url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"}, {"url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"}, {"url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"}, {"url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"}, {"url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"}, {"url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"}, {"url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"}], "x_generator": {"engine": "bippy-c8e10e5f6187"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv->dma_io);\n\tpci_iounmap(dev, priv->io);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:37:19.111Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47235", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:37:19.111Z", "dateReserved": "2024-04-10T18:59:19.531Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:37.070Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv->dma_io);\n\tpci_iounmap(dev, priv->io);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: soluciona el posible use after free en ec_bhf_remove static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(net_dev); anular el registro_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io); ... } priv son datos privados de netdev, pero se usan despu\u00e9s de free_netdev(). Puede causar use after free al acceder al puntero privado. Entonces, solucionelo moviendo free_netdev() despu\u00e9s de las llamadas a pci_iounmap()."}], "id": "CVE-2021-47235", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:12.777", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: ethernet: fix potential use-after-free in ec_bhf_remove", "id": "2282582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282582"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\nstruct ec_bhf_priv *priv = netdev_priv(net_dev);\nunregister_netdev(net_dev);\nfree_netdev(net_dev);\npci_iounmap(dev, priv->dma_io);\npci_iounmap(dev, priv->io);\n...\n}\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47235", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47235\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47235\nhttps://lore.kernel.org/linux-cve-announce/2024052140-CVE-2021-47235-1fb6@gregkh/T"], "statement": "None of the products shipped by Red Hat are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.274, kernel 4.9.274, kernel 4.14.238, kernel 4.19.196, kernel 5.4.128, kernel 5.10.46, kernel 5.12.13, kernel 5.13"}