Description

In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest.

INFO

Published Date :

2024-05-21T15:03:29.882Z

Last Modified :

2025-05-04T07:09:21.641Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2021-47361 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-47361.

URL Resource
https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f cve-icon cve-icon
https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae cve-icon cve-icon
https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b cve-icon cve-icon
https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0 cve-icon cve-icon
https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea cve-icon cve-icon
https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0 cve-icon cve-icon
https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052137-CVE-2021-47361-855d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-47361 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-47361 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact