CVE-2021-46959

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs when the devres list is torn down during spi unregister controller(), causing devices registered with devm spi alloc {master,slave}() to be mistakenly identified as legacy, non-devm managed devices. This leads to their reference counters being decremented below 0. The vulnerability is related to the devm spi release controller() function and the devres release all() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.