CVE-2021-47205

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d	Mailing List Patch
https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2	Mailing List Patch
https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d	Mailing List Patch
https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2	Mailing List Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-04-10 19:15

Updated : 2025-03-04 15:27

NVD link : CVE-2021-47205

Mitre link : CVE-2021-47205

CVE.ORG link : CVE-2021-47205

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2021-47205", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-04-10T19:15:48.310", "references": [{"url": "https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: Unregister clocks/resets when unbinding\n\nCurrently, unbinding a CCU driver unmaps the device's MMIO region, while\nleaving its clocks/resets and their providers registered. This can cause\na page fault later when some clock operation tries to perform MMIO. Fix\nthis by separating the CCU initialization from the memory allocation,\nand then using a devres callback to unregister the clocks and resets.\n\nThis also fixes a memory leak of the `struct ccu_reset`, and uses the\ncorrect owner (the specific platform driver) for the clocks and resets.\n\nEarly OF clock providers are never unregistered, and limited error\nhandling is possible, so they are mostly unchanged. The error reporting\nis made more consistent by moving the message inside of_sunxi_ccu_probe."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: sunxi-ng: Anular el registro de relojes/reinicios al desvincular Actualmente, desvincular un controlador CCU anula la asignaci\u00f3n de la regi\u00f3n MMIO del dispositivo, mientras que deja sus relojes/reinicios y sus proveedores registrados. Esto puede causar una falla de p\u00e1gina m\u00e1s adelante cuando alguna operaci\u00f3n de reloj intenta realizar MMIO. Solucione esto separando la inicializaci\u00f3n de CCU de la asignaci\u00f3n de memoria y luego usando una devoluci\u00f3n de llamada devres para anular el registro de los relojes y reinicios. Esto tambi\u00e9n corrige una p\u00e9rdida de memoria de `struct ccu_reset` y usa el propietario correcto (el controlador de plataforma espec\u00edfico) para los relojes y reinicios. Los primeros proveedores de reloj OF nunca se anulan del registro y es posible un manejo de errores limitado, por lo que en su mayor\u00eda no se modifican. El informe de errores se hace m\u00e1s consistente moviendo el mensaje dentro de of_sunxi_ccu_probe."}], "lastModified": "2025-03-04T15:27:32.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2845F69-264B-45BD-B7E7-D12B24338382", "versionEndExcluding": "5.15.5"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}