| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022649-CVE-2021-47652-65fa@gregkh> Date: Wed, 26 Feb 2025 02:54:03 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47652: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() Description =========== In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destroy modelist in the error handling path. But modelist has not been initialized yet, so it will result in null-ptr-deref. Initialize modelist before calling fb_alloc_cmap() to fix this bug. The Linux kernel CVE team has assigned CVE-2021-47652 to this issue. Affected and fixed versions =========================== Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 4.9.311 with commit d1b6a1f0c23b7164250479bf92e2893291dca539 Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 4.14.276 with commit 0fd28daec73525382e5c992db8743bf76e42cd5c Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 4.19.238 with commit dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 5.4.189 with commit da8b269cc0a2526ebeaccbe2484c999eb0f822cf Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 5.10.110 with commit 64ec3e678d76419f207b9cdd338dda438ca10b1c Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 5.15.33 with commit c420b540db4b5d69de0a36d8b9d9a6a79a04f05a Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 5.16.19 with commit d396c651e2b508b6179bb678cc029f3becbf5170 Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 5.17.2 with commit 9280ef235b05e8f19f8bc6d547b992f0a0ef398d Issue introduced in 3.2 with commit 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 and fixed in 5.18 with commit 1791f487f877a9e83d81c8677bd3e7b259e7cb27 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47652 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/video/fbdev/smscufx.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d1b6a1f0c23b7164250479bf92e2893291dca539 https://git.kernel.org/stable/c/0fd28daec73525382e5c992db8743bf76e42cd5c https://git.kernel.org/stable/c/dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b https://git.kernel.org/stable/c/da8b269cc0a2526ebeaccbe2484c999eb0f822cf https://git.kernel.org/stable/c/64ec3e678d76419f207b9cdd338dda438ca10b1c https://git.kernel.org/stable/c/c420b540db4b5d69de0a36d8b9d9a6a79a04f05a https://git.kernel.org/stable/c/d396c651e2b508b6179bb678cc029f3becbf5170 https://git.kernel.org/stable/c/9280ef235b05e8f19f8bc6d547b992f0a0ef398d https://git.kernel.org/stable/c/1791f487f877a9e83d81c8677bd3e7b259e7cb27
Powered by blists - more mailing lists