| The vulnerability, identified as CVE-2021-47051, is a reference leak in the `lpspi_prepare_xfer_hardware()` function of the Freescale LPSPI (Low Power Serial Peripheral Interface) SPI driver. The issue arises from the incorrect use of `pm_runtime_get_sync()`, which increments the power management (PM) usage counter even when it fails. Because no matching `pm_runtime_put_sync()` is performed when `pm_runtime_get_sync()` fails, the reference is leaked. |
| |
| To fix this vulnerability, the Linux kernel developers replaced `pm_runtime_get_sync()` with `pm_runtime_resume_and_get()`, which keeps the PM usage counter balanced. The fix was introduced in kernel versions 5.4.119, 5.10.37, 5.11.21, and 5.12.4. |
| |
| The affected file is `drivers/spi/spi-fsl-lpspi.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported in isolation. However, if updating is not possible, the individual commits resolving this issue can be found at the provided Git commit links. |
| |
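The counter behaviour described above, as an added user-space model (not the driver's code and not kernel code). The `model_*` functions, `struct model_dev`, the `prepare_*` hooks and `leaked_after()` are hypothetical names that only mimic the failure semantics of `pm_runtime_get_sync()` and `pm_runtime_resume_and_get()`.

```c
/* User-space model of the runtime-PM usage counter; not kernel code. */
#include <errno.h>
#include <stdio.h>

struct model_dev {
    int usage_count;   /* stands in for the device's PM usage counter */
    int resume_fails;  /* constructed fault: the resume step fails */
};

/* pm_runtime_get_sync() semantics: counter stays bumped even on failure. */
static int model_get_sync(struct model_dev *d) {
    d->usage_count++;
    return d->resume_fails ? -EIO : 0;
}

/* pm_runtime_resume_and_get() semantics: reference dropped on failure. */
static int model_resume_and_get(struct model_dev *d) {
    int ret = model_get_sync(d);
    if (ret < 0)
        d->usage_count--;
    return ret < 0 ? ret : 0;
}

/* "Before" shape of the prepare hook: error return with no matching put. */
static int prepare_before_fix(struct model_dev *d) {
    int ret = model_get_sync(d);
    return ret < 0 ? ret : 0;   /* reference leaked on this path */
}

/* "After" shape: same control flow, counter balanced on failure. */
static int prepare_after_fix(struct model_dev *d) {
    return model_resume_and_get(d);
}

/* Run a prepare hook n times with resume failing; return leaked refs. */
static int leaked_after(int (*prepare)(struct model_dev *), int n) {
    struct model_dev d = { 0, 1 };
    for (int i = 0; i < n; i++)
        (void)prepare(&d);
    return d.usage_count;
}

int main(void) {
    printf("before fix: %d leaked\n", leaked_after(prepare_before_fix, 3));
    printf("after fix:  %d leaked\n", leaked_after(prepare_after_fix, 3));
    return 0;
}
```

Each failed call in the "before" shape leaves the counter one higher, so the leak grows with every failed transfer preparation; the "after" shape returns the counter to zero on every failure and still holds one reference on success.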