Vulnerability Details : CVE-2021-46979
In the Linux kernel, the following vulnerability has been resolved:
iio: core: fix ioctl handlers removal
Currently ioctl handlers are removed twice. For the first time during
iio_device_unregister() then later on inside
iio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask().
Double free leads to kernel panic.
Fix this by not touching ioctl handlers list directly but rather
letting code responsible for registration call the matching cleanup
routine itself.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-46979
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-46979
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-46979
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2024-12-31 |
CWE ids for CVE-2021-46979
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-46979
-
https://git.kernel.org/stable/c/11e1cae5da4096552f7c091476cbadbc0d1817da
iio: core: fix ioctl handlers removal - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/901f84de0e16bde10a72d7eb2f2eb73fcde8fa1a
iio: core: fix ioctl handlers removal - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/ab6c935ba3a04317632f3b8b68675bdbaf395303
iio: core: fix ioctl handlers removal - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to