CVE-2021-47361 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f
https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae
https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b
https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0
https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea
https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0
https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499
https://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47361-855d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47361
https://www.cve.org/CVERecord?id=CVE-2021-47361

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:03:29.882Z

Updated: 2024-11-04T12:04:26.844Z

Reserved: 2024-05-21T14:58:30.809Z

Link: CVE-2021-47361

Vulnrichment

Updated: 2024-08-04T05:32:08.591Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T15:15:22.283

Modified: 2024-05-21T16:54:26.047

Link: CVE-2021-47361

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47361 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47361", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.809Z", "datePublished": "2024-05-21T15:03:29.882Z", "dateUpdated": "2024-11-04T12:04:26.844Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:04:26.844Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmcb: fix error handling in mcb_alloc_bus()\n\nThere are two bugs:\n1) If ida_simple_get() fails then this code calls put_device(carrier)\n but we haven't yet called get_device(carrier) and probably that\n leads to a use after free.\n2) After device_initialize() then we need to use put_device() to\n release the bus. This will free the internal resources tied to the\n device and call mcb_free_bus() which will free the rest."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mcb/mcb-core.c"], "versions": [{"version": "5d9e2ab9fea4", "lessThan": "8a558261fa57", "status": "affected", "versionType": "git"}, {"version": "5d9e2ab9fea4", "lessThan": "115b07d9f47e", "status": "affected", "versionType": "git"}, {"version": "5d9e2ab9fea4", "lessThan": "66f74ba9be9d", "status": "affected", "versionType": "git"}, {"version": "5d9e2ab9fea4", "lessThan": "7751f609eadf", "status": "affected", "versionType": "git"}, {"version": "5d9e2ab9fea4", "lessThan": "91e4ad05bf18", "status": "affected", "versionType": "git"}, {"version": "5d9e2ab9fea4", "lessThan": "9fc198f415de", "status": "affected", "versionType": "git"}, {"version": "5d9e2ab9fea4", "lessThan": "25a143321648", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mcb/mcb-core.c"], "versions": [{"version": "4.7", "status": "affected"}, {"version": "0", "lessThan": "4.7", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.285", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.249", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.209", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.150", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.70", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.9", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea"}, {"url": "https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f"}, {"url": "https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b"}, {"url": "https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0"}, {"url": "https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0"}, {"url": "https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499"}, {"url": "https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae"}], "title": "mcb: fix error handling in mcb_alloc_bus()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47361", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:23:29.755480Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:52.235Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.591Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.591Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47361", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:23:29.755480Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.431Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "mcb: fix error handling in mcb_alloc_bus()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "8a558261fa57", "versionType": "git"}, {"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "115b07d9f47e", "versionType": "git"}, {"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "66f74ba9be9d", "versionType": "git"}, {"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "7751f609eadf", "versionType": "git"}, {"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "91e4ad05bf18", "versionType": "git"}, {"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "9fc198f415de", "versionType": "git"}, {"status": "affected", "version": "5d9e2ab9fea4", "lessThan": "25a143321648", "versionType": "git"}], "programFiles": ["drivers/mcb/mcb-core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.7"}, {"status": "unaffected", "version": "0", "lessThan": "4.7", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.285", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.249", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.209", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.150", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.70", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.9", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/mcb/mcb-core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea"}, {"url": "https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f"}, {"url": "https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b"}, {"url": "https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0"}, {"url": "https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0"}, {"url": "https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499"}, {"url": "https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmcb: fix error handling in mcb_alloc_bus()\n\nThere are two bugs:\n1) If ida_simple_get() fails then this code calls put_device(carrier)\n but we haven't yet called get_device(carrier) and probably that\n leads to a use after free.\n2) After device_initialize() then we need to use put_device() to\n release the bus. This will free the internal resources tied to the\n device and call mcb_free_bus() which will free the rest."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:04:26.844Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47361", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:04:26.844Z", "dateReserved": "2024-05-21T14:58:30.809Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:03:29.882Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmcb: fix error handling in mcb_alloc_bus()\n\nThere are two bugs:\n1) If ida_simple_get() fails then this code calls put_device(carrier)\n but we haven't yet called get_device(carrier) and probably that\n leads to a use after free.\n2) After device_initialize() then we need to use put_device() to\n release the bus. This will free the internal resources tied to the\n device and call mcb_free_bus() which will free the rest."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mcb: corrige el manejo de errores en mcb_alloc_bus() Hay dos errores: 1) Si ida_simple_get() falla, entonces este c\u00f3digo llama a put_device(carrier) pero a\u00fan no hemos llamado a get_device( transportista) y probablemente eso conduzca a un uso posterior gratuito. 2) Despu\u00e9s de device_initialize() entonces necesitamos usar put_device() para liberar el bus. Esto liberar\u00e1 los recursos internos vinculados al dispositivo y llamar\u00e1 a mcb_free_bus() que liberar\u00e1 el resto."}], "id": "CVE-2021-47361", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:22.283", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mcb: fix error handling in mcb_alloc_bus()", "id": "2282388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282388"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmcb: fix error handling in mcb_alloc_bus()\nThere are two bugs:\n1) If ida_simple_get() fails then this code calls put_device(carrier)\nbut we haven't yet called get_device(carrier) and probably that\nleads to a use after free.\n2) After device_initialize() then we need to use put_device() to\nrelease the bus. This will free the internal resources tied to the\ndevice and call mcb_free_bus() which will free the rest."], "name": "CVE-2021-47361", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47361\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47361\nhttps://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47361-855d@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.9.285, kernel 4.14.249, kernel 4.19.209, kernel 5.4.150, kernel 5.10.70, kernel 5.14.9, kernel 5.15"}