CVE-2021-47403

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the module reference and initialising the tty driver data when installing the tty.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/31398849b84ebae0d43a1cf379cb9895597f221a
https://git.kernel.org/stable/c/3253c87e1e5bc0107aab773af2f135ebccf38666
https://git.kernel.org/stable/c/7cea848678470daadbfdaa6a112b823c290f900c
https://git.kernel.org/stable/c/811178f296b16af30264def74c8d2179a72d5562
https://git.kernel.org/stable/c/9c5b77a7ffc983b2429ce158b50497c5d3c86a69
https://git.kernel.org/stable/c/bb8a4fcb2136508224c596a7e665bdba1d7c3c27
https://git.kernel.org/stable/c/c0adb5a947dec6cff7050ec56d78ecd3916f9ce6
https://git.kernel.org/stable/c/dde4c1429b97383689f755ce92b4ed1e84a9c92b

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-21 15:15

Updated : 2024-07-03 01:37

NVD link : CVE-2021-47403

Mitre link : CVE-2021-47403

CVE.ORG link : CVE-2021-47403

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-47403", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:25.803", "references": [{"url": "https://git.kernel.org/stable/c/31398849b84ebae0d43a1cf379cb9895597f221a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3253c87e1e5bc0107aab773af2f135ebccf38666", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7cea848678470daadbfdaa6a112b823c290f900c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/811178f296b16af30264def74c8d2179a72d5562", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9c5b77a7ffc983b2429ce158b50497c5d3c86a69", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bb8a4fcb2136508224c596a7e665bdba1d7c3c27", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c0adb5a947dec6cff7050ec56d78ecd3916f9ce6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dde4c1429b97383689f755ce92b4ed1e84a9c92b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipack: ipoctal: fix module reference leak\n\nA reference to the carrier module was taken on every open but was only\nreleased once when the final reference to the tty struct was dropped.\n\nFix this by taking the module reference and initialising the tty driver\ndata when installing the tty."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ipack: ipoctal: reparar fuga de referencia del m\u00f3dulo. Se tom\u00f3 una referencia al m\u00f3dulo portador en cada apertura, pero solo se public\u00f3 una vez cuando se elimin\u00f3 la referencia final a la estructura tty. Solucione este problema tomando la referencia del m\u00f3dulo e inicializando los datos del controlador tty al instalar el tty."}], "lastModified": "2024-07-03T01:37:52.627", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}