{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: dsps: Fix the probe error path\n\nCommit 7c75bde329d7 (\"usb: musb: musb_dsps: request_irq() after\ninitializing musb\") has inverted the calls to\ndsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without\nupdating correctly the error path. dsps_create_musb_pdev() allocates and\nregisters a new platform device which must be unregistered and freed\nwith platform_device_unregister(), and this is missing upon\ndsps_setup_optional_vbus_irq() error.\n\nWhile on the master branch it seems not to trigger any issue, I observed\na kernel crash because of a NULL pointer dereference with a v5.10.70\nstable kernel where the patch mentioned above was backported. With this\nkernel version, -EPROBE_DEFER is returned the first time\ndsps_setup_optional_vbus_irq() is called which triggers the probe to\nerror out without unregistering the platform device. Unfortunately, on\nthe Beagle Bone Black Wireless, the platform device still living in the\nsystem is being used by the USB Ethernet gadget driver, which during the\nboot phase triggers the crash.\n\nMy limited knowledge of the musb world prevents me to revert this commit\nwhich was sent to silence a robot warning which, as far as I understand,\ndoes not make sense. The goal of this patch was to prevent an IRQ to\nfire before the platform device being registered. I think this cannot\never happen due to the fact that enabling the interrupts is done by the\n->enable() callback of the platform musb device, and this platform\ndevice must be already registered in order for the core or any other\nuser to use this callback.\n\nHence, I decided to fix the error path, which might prevent future\nerrors on mainline kernels while also fixing older ones."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/musb/musb_dsps.c"
],
"versions": [
{
"version": "5269937d1483d3159d5b51907346e4f4b13ef079",
"lessThan": "5ed60a430fb5f3d93e7fef66264daef466b4d10c",
"status": "affected",
"versionType": "git"
},
{
"version": "ffc825049ed2e8c849d318e987fd5073e0be462f",
"lessThan": "e923bce31ffefe4f60edfc6b84f62d4a858f3676",
"status": "affected",
"versionType": "git"
},
{
"version": "9a4a6805294fa7d2653e82972bdaf9e3e1f3d3c9",
"lessThan": "9ab5d539bc975b8dcde86eca1b58d836b657732e",
"status": "affected",
"versionType": "git"
},
{
"version": "8de01a896c1bc14b6b65b8d26013626597a45eda",
"lessThan": "9d89e287116796bf987cc48f5c8632ef3048f8eb",
"status": "affected",
"versionType": "git"
},
{
"version": "72bb3eafcfdd156713a3ea0c9c95d536bd6e6e55",
"lessThan": "ff9249aab39820be11b6975a10d94253b7d426fc",
"status": "affected",
"versionType": "git"
},
{
"version": "7c75bde329d7e2a93cf86a5c15c61f96f1446cdc",
"lessThan": "c2115b2b16421d93d4993f3fe4c520e91d6fe801",
"status": "affected",
"versionType": "git"
},
{
"version": "f5b4df24b4209cc3b9ccc768897415be18807e46",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/musb/musb_dsps.c"
],
"versions": [
{
"version": "4.14.247",
"lessThan": "4.14.252",
"status": "affected",
"versionType": "semver"
},
{
"version": "4.19.207",
"lessThan": "4.19.213",
"status": "affected",
"versionType": "semver"
},
{
"version": "5.4.148",
"lessThan": "5.4.155",
"status": "affected",
"versionType": "semver"
},
{
"version": "5.10.67",
"lessThan": "5.10.75",
"status": "affected",
"versionType": "semver"
},
{
"version": "5.14.6",
"lessThan": "5.14.14",
"status": "affected",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.247",
"versionEndExcluding": "4.14.252"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.207",
"versionEndExcluding": "4.19.213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.148",
"versionEndExcluding": "5.4.155"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.67",
"versionEndExcluding": "5.10.75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.6",
"versionEndExcluding": "5.14.14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.19"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5ed60a430fb5f3d93e7fef66264daef466b4d10c"
},
{
"url": "https://git.kernel.org/stable/c/e923bce31ffefe4f60edfc6b84f62d4a858f3676"
},
{
"url": "https://git.kernel.org/stable/c/9ab5d539bc975b8dcde86eca1b58d836b657732e"
},
{
"url": "https://git.kernel.org/stable/c/9d89e287116796bf987cc48f5c8632ef3048f8eb"
},
{
"url": "https://git.kernel.org/stable/c/ff9249aab39820be11b6975a10d94253b7d426fc"
},
{
"url": "https://git.kernel.org/stable/c/c2115b2b16421d93d4993f3fe4c520e91d6fe801"
}
],
"title": "usb: musb: dsps: Fix the probe error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2021-47436",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}