PT-2025-7964 · Linux+4 · Linux Kernel+4
Johan Hovold
·
Published
2021-01-01
·
Updated
2026-03-14
·
CVE-2021-47653
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free issue was found in the Linux kernel's media subsystem, specifically in the davinci vpif driver. The driver allocates and registers two platform device structures during probe but fails to deregister them on driver unbind. This results in a use-after-free when the device structures are freed by the driver core. The issue is caused by the lack of proper deregistration calls in the remove() callback and the failure to handle registration errors during probe.
Recommendations
To resolve this issue, add the missing deregistration calls to the remove() callback and ensure that the platform device structures are freed using a proper release callback to avoid resource leaks. Additionally, fail the probe on registration errors to prevent the driver from being used in an inconsistent state.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Red Os
Suse