CVE-2021-47334

HIGH

Linux Kernel < 4.4.276 - Use-After-Free in ibmasm_init_one Error Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev. My patch add a "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs.

Scores

CVSS v3 7.8
EPSS 0.0028
EPSS Percentile 19.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (21)
Linux/Linux < 2.6.16
Linux/Linux 2.6.16
Linux/Linux 4.14.240 - 4.14.*
Linux/Linux 4.19.198 - 4.19.*
Linux/Linux 4.4.276 - 4.4.*
Linux/Linux 4.9.276 - 4.9.*
Linux/Linux 5.10.52 - 5.10.*
Linux/Linux 5.12.19 - 5.12.*
Linux/Linux 5.13.4 - 5.13.*
Linux/Linux 5.14
... and 11 more
Published May 21, 2024
Tracked Since Feb 18, 2026