PT-2021-8047 · Linux+2 · Linux Kernel+2

Johan Hovold

Published

2021-11-25

Updated

2024-08-19

CVE-2021-47525

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free and memory leak in the Linux kernel's LiteUART driver. The vulnerability is associated with the liteuart remove() function in the drivers/tty/serial/liteuart.c module. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem occurs when the port is not deregistered during the unbinding of the driver, leading to the use of released driver data and memory leaks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-04568

CVE-2021-47525

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Linux Kernel

Red Os

Suse

PT-2021-8047 · Linux+2 · Linux Kernel+2

CVE-2021-47525

Weakness Enumeration

Related Identifiers

Affected Products

References · 1246