CVE-2021-47479

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47479
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47479.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47479
Related
Published
2024-05-22T09:15:09Z
Modified
2024-09-18T03:17:28.995682Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix use-after-free in rtl8712dlfw

Syzbot reported use-after-free in rtl8712dlfw(). The problem was in race condition between r871xudevremove() ->ndo_open() callback.

It's easy to see from crash log, that driver accesses released firmware in ->ndoopen() callback. It may happen, since driver was releasing firmware _before unregistering netdev. Fix it by moving unregister_netdev() before cleaning up resources.

Call Trace: ... rtl871xopenfw drivers/staging/rtl8712/halinit.c:83 [inline] rtl8712dlfw+0xd95/0xe10 drivers/staging/rtl8712/halinit.c:170 rtl8712halinit drivers/staging/rtl8712/halinit.c:330 [inline] rtl871xhalinit+0xae/0x180 drivers/staging/rtl8712/halinit.c:394 netdevopen+0xe6/0x6c0 drivers/staging/rtl8712/osintfs.c:380 _devopen+0x2bc/0x4d0 net/core/dev.c:1484

Freed by task 1306: ... releasefirmware+0x1b/0x30 drivers/base/firmwareloader/main.c:1053 r871xudevremove+0xcc/0x2c0 drivers/staging/rtl8712/usbintf.c:599 usbunbind_interface+0x1d8/0x8d0 drivers/usb/core/driver.c:458

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}