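Vulnerability Title
media: davinci: vpif: fix use-after-free on driver unbind
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
media: davinci: vpif: fix use-after-free on driver unbind
The driver allocates and registers two platform device structures during probe, but never deregisters these devices on driver unbind.
This results in a use-after-free on driver unbind, because the device structures are allocated using devres and will be freed by driver core when remove() returns.
Fix this by adding the missing deregistration calls to the remove() callback and failing probe on registration errors.
Note that the platform device structures must be freed using a proper release callback to avoid leaking associated resources such as device names.
CVSS Information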
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Use After Free
Vulnerability Title
media: davinci: vpif: fix use-after-free on driver unbind
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
media: davinci: vpif: fix use-after-free on driver unbind
The driver allocates and registers two platform device structures during
probe, but the devices were never deregistered on driver unbind.
This results in a use-after-free on driver unbind as the device
structures were allocated using devres and would be freed by driver
core when remove() returns.
Fix this by adding the missing deregistration calls to the remove()
callback and failing probe on registration errors.
Note that the platform device structures must be freed using a proper
release callback to avoid leaking associated resources like device
names.
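The ordering problem described above, as an added userspace model that is not the kernel driver's code or the upstream fix: managed memory is released once remove() returns, so any device still registered at that point leaves the bus holding a pointer to freed memory. All names here (`struct pdev`, `bus`, `managed`, `model_probe`, `model_unbind`, `child0`/`child1`) are hypothetical, and the model covers only the missing deregistration, not the release-callback requirement.

```c
/* Userspace model, constructed for illustration; not the kernel driver. */
#include <stdlib.h>
#define NDEV 2
struct pdev { const char *name; };

static struct pdev *bus[NDEV];     /* devices the "bus" still references */
static struct pdev *managed[NDEV]; /* devres-style memory owned by the driver */

/* probe(): allocate two managed device structures and register both. */
static int model_probe(void)
{
    static const char *names[NDEV] = { "child0", "child1" }; /* constructed */
    for (int i = 0; i < NDEV; i++) {
        managed[i] = calloc(1, sizeof(struct pdev));
        if (!managed[i]) {      /* fail probe and undo earlier steps */
            while (i--) { free(managed[i]); managed[i] = bus[i] = NULL; }
            return -1;
        }
        managed[i]->name = names[i];
        bus[i] = managed[i];    /* "register" with the bus */
    }
    return 0;
}

static void remove_buggy(void) { /* never deregisters the devices */ }
static void remove_fixed(void)
{
    for (int i = 0; i < NDEV; i++) bus[i] = NULL; /* deregister first */
}

/* Unbind: run remove(), then free managed memory; returns stale bus entries. */
static int model_unbind(void (*remove_cb)(void))
{
    int dangling = 0;
    remove_cb();
    for (int i = 0; i < NDEV; i++) {
        if (bus[i] != NULL && bus[i] == managed[i])
            dangling++;         /* counted before free(): no invalid access */
        free(managed[i]);
        managed[i] = bus[i] = NULL; /* reset the model for the next run */
    }
    return dangling;
}

int main(void)
{
    if (model_probe() || model_unbind(remove_buggy) != NDEV) return 1;
    if (model_probe() || model_unbind(remove_fixed) != 0) return 1;
    return 0;
}
```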
CVSS Information
N/A
Vulnerability Category
N/A