PT-2021-8082 · Linux+4 · Linux Kernel+4

Vincent Pelletier

·

Published

2021-12-21

·

Updated

2024-08-19

·

CVE-2021-46933

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.3-1
Description The vulnerability is related to a refcount underflow in the ffs data clear function of the usb f fs module. When userland closes ep0 and then unmounts f fs, ffs data clear is indirectly called twice, causing eventfd ctx put to be called multiple times and resulting in a refcount underflow. This can lead to a use-after-free error. The issue is resolved by NULL-ifying ffs eventfd to prevent extraneous eventfd ctx put calls.
Recommendations To resolve the issue, update the Linux kernel to version 5.15.3-1 or later. As a temporary workaround, consider disabling the ffs data clear function until a patch is available. However, this may have unintended consequences and should be used with caution.
Note: The provided information does not specify the exact versions affected, but based on the data, it appears that versions prior to 5.15.3-1 are vulnerable.

Exploit

Fix

NULL Pointer Dereference

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-416

Related Identifiers

BDU:2024-06347
CVE-2021-46933
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1489-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2184-1
USN-6938-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse
Ubuntu