CVE-2021-47332 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). Add a proper NULL check for avoiding possible Oops.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7d7f30cf182e55023fa8fde4c084b2d37c6be69d
https://git.kernel.org/stable/c/82e5ee742fdd8874fe996181b87fafe1eb5f1196
https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19
https://git.kernel.org/stable/c/bee295f5e03510252d18b25cc1d26230256eb87a
https://git.kernel.org/stable/c/cae0cf651adccee2c3f376e78f30fbd788d0829f
https://nvd.nist.gov/vuln/detail/CVE-2021-47332
https://www.cve.org/CVERecord?id=CVE-2021-47332

History

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:35:43.078Z

Updated: 2024-09-11T17:33:51.334Z

Reserved: 2024-05-21T14:28:16.975Z

Link: CVE-2021-47332

Vulnrichment

Updated: 2024-08-04T05:32:08.587Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:20.133

Modified: 2024-05-21T16:54:26.047

Link: CVE-2021-47332

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47332 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47332", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.975Z", "datePublished": "2024-05-21T14:35:43.078Z", "dateUpdated": "2024-09-11T17:33:51.334Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:06:07.472Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: Don't call free_pages_exact() with NULL address\n\nUnlike some other functions, we can't pass NULL pointer to\nfree_pages_exact(). Add a proper NULL check for avoiding possible\nOops."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/usx2y/usb_stream.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "88262229b778", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7d7f30cf182e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bee295f5e035", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "82e5ee742fdd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "cae0cf651adc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/usx2y/usb_stream.c"], "versions": [{"version": "5.4.134", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.52", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.19", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13.4", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19"}, {"url": "https://git.kernel.org/stable/c/7d7f30cf182e55023fa8fde4c084b2d37c6be69d"}, {"url": "https://git.kernel.org/stable/c/bee295f5e03510252d18b25cc1d26230256eb87a"}, {"url": "https://git.kernel.org/stable/c/82e5ee742fdd8874fe996181b87fafe1eb5f1196"}, {"url": "https://git.kernel.org/stable/c/cae0cf651adccee2c3f376e78f30fbd788d0829f"}], "title": "ALSA: usx2y: Don't call free_pages_exact() with NULL address", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.587Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d7f30cf182e55023fa8fde4c084b2d37c6be69d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bee295f5e03510252d18b25cc1d26230256eb87a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82e5ee742fdd8874fe996181b87fafe1eb5f1196", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cae0cf651adccee2c3f376e78f30fbd788d0829f", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47332", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:59.801234Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:51.334Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d7f30cf182e55023fa8fde4c084b2d37c6be69d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bee295f5e03510252d18b25cc1d26230256eb87a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82e5ee742fdd8874fe996181b87fafe1eb5f1196", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cae0cf651adccee2c3f376e78f30fbd788d0829f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.587Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47332", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:59.801234Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.221Z"}}], "cna": {"title": "ALSA: usx2y: Don't call free_pages_exact() with NULL address", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "88262229b778", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7d7f30cf182e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bee295f5e035", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "82e5ee742fdd", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "cae0cf651adc", "versionType": "git"}], "programFiles": ["sound/usb/usx2y/usb_stream.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.4.134", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.52", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.19", "versionType": "custom", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13.4", "versionType": "custom", "lessThanOrEqual": "5.13.*"}, {"status": "unaffected", "version": "5.14", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/usb/usx2y/usb_stream.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19"}, {"url": "https://git.kernel.org/stable/c/7d7f30cf182e55023fa8fde4c084b2d37c6be69d"}, {"url": "https://git.kernel.org/stable/c/bee295f5e03510252d18b25cc1d26230256eb87a"}, {"url": "https://git.kernel.org/stable/c/82e5ee742fdd8874fe996181b87fafe1eb5f1196"}, {"url": "https://git.kernel.org/stable/c/cae0cf651adccee2c3f376e78f30fbd788d0829f"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: Don't call free_pages_exact() with NULL address\n\nUnlike some other functions, we can't pass NULL pointer to\nfree_pages_exact(). Add a proper NULL check for avoiding possible\nOops."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:06:07.472Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47332", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:51.334Z", "dateReserved": "2024-05-21T14:28:16.975Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:35:43.078Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}