CVE-2021-47500 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1. Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs. Fix this by getting a reference to the trigger before assigning it to the IIO device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba
https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb
https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e
https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739
https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892
https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1
https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8
https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96
https://nvd.nist.gov/vuln/detail/CVE-2021-47500
https://www.cve.org/CVERecord?id=CVE-2021-47500

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-24T15:01:43.362Z

Updated: 2024-11-04T12:07:07.793Z

Reserved: 2024-05-22T06:20:56.204Z

Link: CVE-2021-47500

Vulnrichment

Updated: 2024-08-04T05:39:59.752Z

NVD

Status : Awaiting Analysis

Published: 2024-05-24T15:15:09.900

Modified: 2024-05-24T18:09:20.027

Link: CVE-2021-47500

Redhat

Severity : Moderate

Publid Date: 2024-05-24T00:00:00Z

Links: CVE-2021-47500 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47500", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-22T06:20:56.204Z", "datePublished": "2024-05-24T15:01:43.362Z", "dateUpdated": "2024-11-04T12:07:07.793Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:07:07.793Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: mma8452: Fix trigger reference couting\n\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\n\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\n\nFix this by getting a reference to the trigger before assigning it to the\nIIO device."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/accel/mma8452.c"], "versions": [{"version": "ae6d9ce05691", "lessThan": "094d513b78b1", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "fb75cc4740d8", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "794c0898f6bf", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "f5deab10ced3", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "acf0088ac073", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "db12d9508536", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "c43517071dfc", "status": "affected", "versionType": "git"}, {"version": "ae6d9ce05691", "lessThan": "cd0082235783", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/accel/mma8452.c"], "versions": [{"version": "4.2", "status": "affected"}, {"version": "0", "lessThan": "4.2", "status": "unaffected", "versionType": "semver"}, {"version": "4.4.295", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.293", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.258", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.221", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.165", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.85", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.8", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba"}, {"url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96"}, {"url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb"}, {"url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8"}, {"url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e"}, {"url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1"}, {"url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739"}, {"url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892"}], "title": "iio: mma8452: Fix trigger reference couting", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.752Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47500", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:35:45.977945Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:52.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.752Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47500", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:35:45.977945Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.213Z"}}], "cna": {"title": "iio: mma8452: Fix trigger reference couting", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ae6d9ce05691", "lessThan": "094d513b78b1", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "fb75cc4740d8", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "794c0898f6bf", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "f5deab10ced3", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "acf0088ac073", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "db12d9508536", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "c43517071dfc", "versionType": "git"}, {"status": "affected", "version": "ae6d9ce05691", "lessThan": "cd0082235783", "versionType": "git"}], "programFiles": ["drivers/iio/accel/mma8452.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.2"}, {"status": "unaffected", "version": "0", "lessThan": "4.2", "versionType": "semver"}, {"status": "unaffected", "version": "4.4.295", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.293", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.258", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.221", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.165", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.85", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.8", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/iio/accel/mma8452.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba"}, {"url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96"}, {"url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb"}, {"url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8"}, {"url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e"}, {"url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1"}, {"url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739"}, {"url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: mma8452: Fix trigger reference couting\n\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\n\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\n\nFix this by getting a reference to the trigger before assigning it to the\nIIO device."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:07:07.793Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47500", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:07:07.793Z", "dateReserved": "2024-05-22T06:20:56.204Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:01:43.362Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: mma8452: Fix trigger reference couting\n\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\n\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\n\nFix this by getting a reference to the trigger before assigning it to the\nIIO device."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: mma8452: correcci\u00f3n del c\u00e1lculo de referencia del disparador El controlador mma8452 asigna directamente un disparador a la estructura iio_dev. El n\u00facleo de IIO, cuando termine de usar este activador, llamar\u00e1 a `iio_trigger_put()` para reducir el recuento de referencias en 1. Sin el `iio_trigger_get()` coincidente en el controlador, el recuento de referencias puede llegar a 0 demasiado pronto, el activador se libera mientras a\u00fan est\u00e1 en se produce un uso y un use-after-free. Solucione este problema obteniendo una referencia al disparador antes de asignarlo al dispositivo IIO."}], "id": "CVE-2021-47500", "lastModified": "2024-05-24T18:09:20.027", "metrics": {}, "published": "2024-05-24T15:15:09.900", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: iio: mma8452: Fix trigger reference couting", "id": "2283454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283454"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-911->CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\niio: mma8452: Fix trigger reference couting\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\nFix this by getting a reference to the trigger before assigning it to the\nIIO device."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47500", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47500\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47500"], "statement": "Following issue marked as moderate with \"not affected\" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions. Additionally, some RHEL versions may be marked as \"will not fix\" due to the minimal impact of the issue, and no fix will be provided.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.295, kernel 4.9.293, kernel 4.14.258, kernel 4.19.221, kernel 5.4.165, kernel 5.10.85, kernel 5.15.8, kernel 5.16"}