CVE-2021-47358 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14
https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f
https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d
https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f
https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1
https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69
https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6
https://lore.kernel.org/linux-cve-announce/2024052151-CVE-2021-47358-3a8d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47358
https://www.cve.org/CVERecord?id=CVE-2021-47358

History

Thu, 29 Aug 2024 14:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:44:50.221Z

Updated: 2024-11-04T12:04:23.392Z

Reserved: 2024-05-21T14:28:16.988Z

Link: CVE-2021-47358

Vulnrichment

Updated: 2024-08-04T05:32:08.651Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:22.073

Modified: 2024-05-21T16:54:26.047

Link: CVE-2021-47358

Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47358 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47358", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.988Z", "datePublished": "2024-05-21T14:44:50.221Z", "dateUpdated": "2024-11-04T12:04:23.392Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:04:23.392Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: greybus: uart: fix tty use after free\n\nUser space can hold a tty open indefinitely and tty drivers must not\nrelease the underlying structures until the last user is gone.\n\nSwitch to using the tty-port reference counter to manage the life time\nof the greybus tty state to avoid use after free after a disconnect."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/greybus/uart.c"], "versions": [{"version": "a18e15175708", "lessThan": "92b67aaafb7c", "status": "affected", "versionType": "git"}, {"version": "a18e15175708", "lessThan": "64062fcaca88", "status": "affected", "versionType": "git"}, {"version": "a18e15175708", "lessThan": "a5cfd51f6348", "status": "affected", "versionType": "git"}, {"version": "a18e15175708", "lessThan": "4dc56951a8d9", "status": "affected", "versionType": "git"}, {"version": "a18e15175708", "lessThan": "b9e697e60ce9", "status": "affected", "versionType": "git"}, {"version": "a18e15175708", "lessThan": "9872ff6fdce8", "status": "affected", "versionType": "git"}, {"version": "a18e15175708", "lessThan": "92dc0b1f46e1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/greybus/uart.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.285", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.249", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.209", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.150", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.70", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.9", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d"}, {"url": "https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f"}, {"url": "https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69"}, {"url": "https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14"}, {"url": "https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6"}, {"url": "https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1"}, {"url": "https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f"}], "title": "staging: greybus: uart: fix tty use after free", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47358", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:24:46.611586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:15:01.010Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.651Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.651Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47358", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:24:46.611586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.436Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "staging: greybus: uart: fix tty use after free", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a18e15175708", "lessThan": "92b67aaafb7c", "versionType": "git"}, {"status": "affected", "version": "a18e15175708", "lessThan": "64062fcaca88", "versionType": "git"}, {"status": "affected", "version": "a18e15175708", "lessThan": "a5cfd51f6348", "versionType": "git"}, {"status": "affected", "version": "a18e15175708", "lessThan": "4dc56951a8d9", "versionType": "git"}, {"status": "affected", "version": "a18e15175708", "lessThan": "b9e697e60ce9", "versionType": "git"}, {"status": "affected", "version": "a18e15175708", "lessThan": "9872ff6fdce8", "versionType": "git"}, {"status": "affected", "version": "a18e15175708", "lessThan": "92dc0b1f46e1", "versionType": "git"}], "programFiles": ["drivers/staging/greybus/uart.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.9"}, {"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.285", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.249", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.209", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.150", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.70", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.9", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/staging/greybus/uart.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d"}, {"url": "https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f"}, {"url": "https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69"}, {"url": "https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14"}, {"url": "https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6"}, {"url": "https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1"}, {"url": "https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: greybus: uart: fix tty use after free\n\nUser space can hold a tty open indefinitely and tty drivers must not\nrelease the underlying structures until the last user is gone.\n\nSwitch to using the tty-port reference counter to manage the life time\nof the greybus tty state to avoid use after free after a disconnect."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:04:23.392Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47358", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:04:23.392Z", "dateReserved": "2024-05-21T14:28:16.988Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:44:50.221Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: staging: greybus: uart: fix tty use after free", "id": "2282392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282392"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nstaging: greybus: uart: fix tty use after free\nUser space can hold a tty open indefinitely and tty drivers must not\nrelease the underlying structures until the last user is gone.\nSwitch to using the tty-port reference counter to manage the life time\nof the greybus tty state to avoid use after free after a disconnect.", "A use-after-free flaw was in the Linux kernel\u2019s Greybus UART driver when a user held a tty open. This flaw allows a local user to crash the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47358", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47358\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47358\nhttps://lore.kernel.org/linux-cve-announce/2024052151-CVE-2021-47358-3a8d@gregkh/T"], "statement": "This flaw doesn't affect any versions of Red Hat Enterprise Linux, because the kernel config param, CONFIG_GREYBUS_UART, is disabled.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.9.285, kernel 4.14.249, kernel 4.19.209, kernel 5.4.150, kernel 5.10.70, kernel 5.14.9, kernel 5.15"}