CVE-2021-47500

Published: May 24, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1. Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs. Fix this by getting a reference to the trigger before assigning it to the IIO device.

Affected (11)

Products: Linux: Linux Kernel

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.10 to 4.14.258
Linux Linux Kernel	From 4.15 to 4.19.221
Linux Linux Kernel	From 4.2 to 4.4.295
Linux Linux Kernel	From 4.20 to 5.4.165
Linux Linux Kernel	From 4.5 to 4.9.293
Linux Linux Kernel	From 5.11 to 5.15.8
Linux Linux Kernel	From 5.5 to 5.10.85
Linux Linux Kernel	Version 5.15 rc1
Linux Linux Kernel	Version 5.15 rc2
Linux Linux Kernel	Version 5.15 rc3
Linux Linux Kernel	Version 5.15 rc4

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (16)

https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.