CVE-2021-47239

UNKNOWN

Published 2024-05-21T14:19:39.705Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-47239. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: fix possible use-after-free in smsc75xx_bind

The commit 46a8b29c6306 ("net: usb: fix memory leak in smsc75xx_bind")
fails to clean up the work scheduled in smsc75xx_reset->
smsc75xx_set_multicast, which leads to use-after-free if the work is
scheduled to start after the deallocation. In addition, this patch
also removes a dangling pointer - dev->data[0].

This patch calls cancel_work_sync to cancel the scheduled work and set
the dangling pointer to NULL.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

200dbfcad8011e50c3cec269ed7b980836eeb1fa 22c840596af0c09068b6cf948616e6496e59e07f 9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc 9e6a3eccb28779710cbbafc4f4258d92509c6d07 b95fb96e6339e34694dd578fb6bde3575b01af17 635ac38b36255d3cfb8312cf7c471334f4d537e0 70c886ac93f87ae7214a0c69151a28a8075dd95b 46a8b29c6306d8bbfd92b614ef65a47c900d8e70

Linux

Affected Versions:

4.4.271 4.9.271 4.14.235 4.19.193 5.4.124 5.10.42 5.12.9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-747f-wh5x-mp2p

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xx_bind The commit 46a8b29c6306 ("net: usb: fix memory leak in smsc75xx_bind") fails to clean up the work scheduled in smsc75xx_reset-> smsc75xx_set_multicast, which leads to use-after-free if the work is scheduled to start after the deallocation. In addition, this patch also removes a dangling pointer - dev->data[0]. This patch calls cancel_work_sync to cancel the scheduled work and set the dangling pointer to NULL.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-47239

WEB https://git.kernel.org/stable/c/14616c372a7be01a2fb8c56c9d8debd232b9e43d

WEB https://git.kernel.org/stable/c/2fc8300c9cfa5167fcb5b1a2a07db6f53e82f59b

WEB https://git.kernel.org/stable/c/4252bf6c2b245f47011098113d405ffad6ad5d5b

WEB https://git.kernel.org/stable/c/56b786d86694e079d8aad9b314e015cd4ac02a3d

WEB https://git.kernel.org/stable/c/570a52cf3e01d19f7fd1a251dfc52b0cd86c13cb

WEB https://git.kernel.org/stable/c/64160d1741a3de5204d1a822e058e0b4cc526504

WEB https://git.kernel.org/stable/c/7cc8b2e05fcea6edd022d26e82091d781af8fd9b

WEB https://git.kernel.org/stable/c/c4e3be2e7742863e454ce31faf8fd0109c00050b

Advisory provided by GitHub Security Advisory Database. Published: May 21, 2024, Modified: December 30, 2024

References

https://git.kernel.org/stable/c/7cc8b2e05fcea6edd022d26e82091d781af8fd9b

https://git.kernel.org/stable/c/64160d1741a3de5204d1a822e058e0b4cc526504

https://git.kernel.org/stable/c/c4e3be2e7742863e454ce31faf8fd0109c00050b

https://git.kernel.org/stable/c/2fc8300c9cfa5167fcb5b1a2a07db6f53e82f59b

https://git.kernel.org/stable/c/4252bf6c2b245f47011098113d405ffad6ad5d5b

https://git.kernel.org/stable/c/570a52cf3e01d19f7fd1a251dfc52b0cd86c13cb

https://git.kernel.org/stable/c/14616c372a7be01a2fb8c56c9d8debd232b9e43d

https://git.kernel.org/stable/c/56b786d86694e079d8aad9b314e015cd4ac02a3d

Published: 2024-05-21T14:19:39.705Z

Last Modified: 2025-05-04T07:06:56.591Z

Copied to clipboard!

CVE-2021-47239

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!