CVE-2021-47479

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-47479
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47479.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-47479
Downstream
Related
Published
2024-05-22T09:15:09.817Z
Modified
2026-03-13T05:18:10.580842Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix use-after-free in rtl8712dlfw

Syzbot reported use-after-free in rtl8712dlfw(). The problem was in race condition between r871xudevremove() ->ndo_open() callback.

It's easy to see from crash log, that driver accesses released firmware in ->ndoopen() callback. It may happen, since driver was releasing firmware before unregistering netdev. Fix it by moving unregisternetdev() before cleaning up resources.

Call Trace: ... rtl871xopenfw drivers/staging/rtl8712/halinit.c:83 [inline] rtl8712dlfw+0xd95/0xe10 drivers/staging/rtl8712/halinit.c:170 rtl8712halinit drivers/staging/rtl8712/halinit.c:330 [inline] rtl871xhalinit+0xae/0x180 drivers/staging/rtl8712/halinit.c:394 netdevopen+0xe6/0x6c0 drivers/staging/rtl8712/osintfs.c:380 _devopen+0x2bc/0x4d0 net/core/dev.c:1484

Freed by task 1306: ... releasefirmware+0x1b/0x30 drivers/base/firmwareloader/main.c:1053 r871xudevremove+0xcc/0x2c0 drivers/staging/rtl8712/usbintf.c:599 usbunbind_interface+0x1d8/0x8d0 drivers/usb/core/driver.c:458

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47479.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "3.2.6"
            },
            {
                "fixed": "3.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.3.1"
            },
            {
                "fixed": "5.10.79"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.11"
            },
            {
                "fixed": "5.14.18"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.15"
            },
            {
                "fixed": "5.15.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3-rc4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3-rc5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3-rc6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3-rc7"
            }
        ]
    }
]