DEBIAN-CVE-2021-47549

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-47549

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47549.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-47549

Upstream

CVE-2021-47549

Published

2024-05-24T15:15:19Z

Modified

2025-09-19T07:32:50.122022Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: satafsl: fix UAF in satafslportstop when rmmod satafsl When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to handle kernel data access on read at 0x80000800805b502c Oops: Kernel access of bad area, sig: 11 [#1] NIP [c0000000000388a4] .ioread32+0x4/0x20 LR [80000000000c6034] .satafslportstop+0x44/0xe0 [satafsl] Call Trace: .freeirq+0x1c/0x4e0 (unreliable) .atahoststop+0x74/0xd0 [libata] .releasenodes+0x330/0x3f0 .devicereleasedriverinternal+0x178/0x2c0 .driverdetach+0x64/0xd0 .busremovedriver+0x70/0xf0 .driverunregister+0x38/0x80 .platformdriverunregister+0x14/0x30 .fslsatadriverexit+0x18/0xa20 [satafsl] ._sesysdeletemodule+0x1ec/0x2d0 .systemcallexception+0xfc/0x1f0 systemcallcommon+0xf8/0x200 ================================================================== The triggering of the BUG is shown in the following stack: driverdetach devicereleasedriverinternal _devicereleasedriver drv->remove(dev) --> platformdrvremove/platformremove drv->remove(dev) --> satafslremove iounmap(hostpriv->hcrbase); <---- unmap kfree(hostpriv); <---- free devresreleaseall releasenodes dr->node.release(dev, dr->data) --> atahoststop ap->ops->portstop(ap) --> satafslportstop ioread32(hcrbase + HCONTROL) <---- UAF host->ops->hoststop(host) The iounmap(hostpriv->hcrbase) and kfree(hostpriv) functions should not be executed in drv->remove. These functions should be executed in hoststop after portstop. Therefore, we move these functions to the new function satafslhoststop and bind the new function to host_stop.

References

https://security-tracker.debian.org/tracker/CVE-2021-47549

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.84-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}