{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: davinci: vpif: fix use-after-free on driver unbind\n\nThe driver allocates and registers two platform device structures during\nprobe, but the devices were never deregistered on driver unbind.\n\nThis results in a use-after-free on driver unbind as the device\nstructures were allocated using devres and would be freed by driver\ncore when remove() returns.\n\nFix this by adding the missing deregistration calls to the remove()\ncallback and failing probe on registration errors.\n\nNote that the platform device structures must be freed using a proper\nrelease callback to avoid leaking associated resources like device\nnames."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/media/platform/davinci/vpif.c"
],
"versions": [
{
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"lessThan": "6512c3c39cb6b573b791ce45365818a38b76afbe",
"status": "affected",
"versionType": "git"
},
{
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"lessThan": "b5a3bb7f6f164eb6ee74ef4898dcd019b2063448",
"status": "affected",
"versionType": "git"
},
{
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"lessThan": "9ffc602e14d7b9f7e7cb2f67e18dfef9ef8af676",
"status": "affected",
"versionType": "git"
},
{
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"lessThan": "43acb728bbc40169d2e2425e84a80068270974be",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/media/platform/davinci/vpif.c"
],
"versions": [
{
"version": "4.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.13",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.54",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13",
"versionEndExcluding": "5.15.54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13",
"versionEndExcluding": "5.16.19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13",
"versionEndExcluding": "5.17.2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13",
"versionEndExcluding": "5.18"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6512c3c39cb6b573b791ce45365818a38b76afbe"
},
{
"url": "https://git.kernel.org/stable/c/b5a3bb7f6f164eb6ee74ef4898dcd019b2063448"
},
{
"url": "https://git.kernel.org/stable/c/9ffc602e14d7b9f7e7cb2f67e18dfef9ef8af676"
},
{
"url": "https://git.kernel.org/stable/c/43acb728bbc40169d2e2425e84a80068270974be"
}
],
"title": "media: davinci: vpif: fix use-after-free on driver unbind",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2021-47653",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}