In the Linux kernel, the following vulnerability has been resolved:
regmap: Fix possible double-free in regcache_rbtree_exit()
In regcache_rbtree_insert_to_block(), when 'present' realloc failed,
the 'blk' which is supposed to assign to 'rbnode->block' will be freed,
so 'rbnode->block' points a freed memory, in the error handling path of
regcache_rbtree_init(), 'rbnode->block' will be freed again in
regcache_rbtree_exit(), KASAN will report double-free as follows:
BUG: KASAN: double-free or invalid-free in kfree+0xce/0x390
Call Trace:
slab_free_freelist_hook+0x10d/0x240
kfree+0xce/0x390
regcache_rbtree_exit+0x15d/0x1a0
regcache_rbtree_init+0x224/0x2c0
regcache_init+0x88d/0x1310
__regmap_init+0x3151/0x4a80
__devm_regmap_init+0x7d/0x100
madera_spi_probe+0x10f/0x333 [madera_spi]
spi_probe+0x183/0x210
really_probe+0x285/0xc30
To fix this, moving up the assignment of rbnode->block to immediately after
the reallocation has succeeded so that the data structure stays valid even
if the second reallocation fails.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jan 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Linux
Published: 2024-05-22T08:19:34.852Z
Updated: 2024-12-19T07:43:16.915Z
Reserved: 2024-05-22T06:20:56.200Z
Link: CVE-2021-47483

Updated: 2024-08-04T05:39:59.752Z

Status : Analyzed
Published: 2024-05-22T09:15:10.227
Modified: 2025-01-06T19:52:33.037
Link: CVE-2021-47483
