DEBIAN-CVE-2021-47479

Source
https://security-tracker.debian.org/tracker/CVE-2021-47479
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47479.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-47479
Upstream
Published
2024-05-22T09:15:09Z
Modified
2025-09-30T05:15:30.919949Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712dlfw Syzbot reported use-after-free in rtl8712dlfw(). The problem was in race condition between r871xudevremove() ->ndoopen() callback. It's easy to see from crash log, that driver accesses released firmware in ->ndoopen() callback. It may happen, since driver was releasing firmware before unregistering netdev. Fix it by moving unregisternetdev() before cleaning up resources. Call Trace: ... rtl871xopenfw drivers/staging/rtl8712/halinit.c:83 [inline] rtl8712dlfw+0xd95/0xe10 drivers/staging/rtl8712/halinit.c:170 rtl8712halinit drivers/staging/rtl8712/halinit.c:330 [inline] rtl871xhalinit+0xae/0x180 drivers/staging/rtl8712/halinit.c:394 netdevopen+0xe6/0x6c0 drivers/staging/rtl8712/osintfs.c:380 _devopen+0x2bc/0x4d0 net/core/dev.c:1484 Freed by task 1306: ... releasefirmware+0x1b/0x30 drivers/base/firmwareloader/main.c:1053 r871xudevremove+0xcc/0x2c0 drivers/staging/rtl8712/usbintf.c:599 usbunbindinterface+0x1d8/0x8d0 drivers/usb/core/driver.c:458

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}