CVE-2021-47169

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.19.177-gdba4159c14ef-dirty #45

Description The vulnerability is related to the use of 'request firmware nowait' instead of 'request firmware' in the 'rp2 probe' function. This can cause a NULL pointer dereference or other bugs when an interrupt occurs and the interrupt handler function 'rp2 uart interrupt' accesses uninitialized ports of 'rp2 card'. The issue arises because the driver does some initialization work in 'rp2 fw cb', which is called through 'request firmware nowait', and if the firmware does not exist, the function returns without initializing the ports. To fix this, 'request firmware' should be used instead of 'request firmware nowait' to ensure the driver is ready to handle interrupts.

Recommendations To resolve the issue, update the Linux kernel to a version that uses 'request firmware' instead of 'request firmware nowait' in the 'rp2 probe' function. As a temporary workaround, consider disabling the 'rp2 uart interrupt' function until a patch is available.