CVE-2021-47334

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to two use-after-free bugs in the ibmasm init one function. In this function, ibmasm init remote input dev() is called, which allocates mouse dev and keybd dev using input allocate device() and assigns them to sp->remote.mouse dev and sp->remote.keybd dev, respectively. When an error occurs, mouse dev and keybd dev are freed by input free device(), but then the execution proceeds to the error send message error branch, where ibmasm free remote input dev(sp) is called to unregister the already freed devices. A patch has been added to handle the error of ibmasm init remote input dev() by introducing an "error init remote" label to avoid these use-after-free bugs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.