{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-46959","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-27T18:42:55.939Z","datePublished":"2024-02-29T22:31:12.304Z","dateUpdated":"2025-05-04T12:40:37.929Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:40:37.929Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix use-after-free with devm_spi_alloc_*\n\nWe can't rely on the contents of the devres list during\nspi_unregister_controller(), as the list is already torn down at the\ntime we perform devres_find() for devm_spi_release_controller. This\ncauses devices registered with devm_spi_alloc_{master,slave}() to be\nmistakenly identified as legacy, non-devm managed devices and have their\nreference counters decremented below 0.\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174\n[<b0396f04>] (refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98)\n[<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24)\n r4:b6700140\n[<b0447b2c>] (put_device) from [<b07515e8>] (devm_spi_release_controller+0x3c/0x40)\n[<b07515ac>] (devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4)\n r5:b6700180 r4:b6700100\n[<b04533b8>] (release_nodes) from [<b0454160>] (devres_release_all+0x5c/0x60)\n r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10\n[<b0454104>] (devres_release_all) from [<b044e41c>] (__device_release_driver+0x144/0x1ec)\n r5:b117ad94 r4:b163dc10\n[<b044e2d8>] (__device_release_driver) from [<b044f70c>] (device_driver_detach+0x84/0xa0)\n r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10\n[<b044f688>] (device_driver_detach) from [<b044d274>] (unbind_store+0xe4/0xf8)\n\nInstead, determine the devm allocation state as a flag on the\ncontroller which is guaranteed to be stable during cleanup."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi.c","include/linux/spi/spi.h"],"versions":[{"version":"a4add022c1552b0d51a0b89a4781919d6ebac4f9","lessThan":"62bb2c7f2411a0045c24831f11ecacfc35610815","status":"affected","versionType":"git"},{"version":"0870525cf94bc27907e94ce99afb6d7239ffd2f5","lessThan":"8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e","status":"affected","versionType":"git"},{"version":"8c45a1c6c951bbe7f95db78fcab46f7337364468","lessThan":"8e029707f50a82c53172359c686b2536ab54e58c","status":"affected","versionType":"git"},{"version":"234b432c7b6184b2d6c5ba2c55f0dd5023c0edf0","lessThan":"28a5529068c51cdf0295ab1e11a99a3a909a03e4","status":"affected","versionType":"git"},{"version":"3e04a4976addbedcad326f47b0dd4efc570a1fac","lessThan":"001c8e83646ad3b847b18f6ac55a54367d917d74","status":"affected","versionType":"git"},{"version":"5e844cc37a5cbaa460e68f9a989d321d63088a89","lessThan":"c7fabe372a9031acd00498bc718ce27c253abfd1","status":"affected","versionType":"git"},{"version":"5e844cc37a5cbaa460e68f9a989d321d63088a89","lessThan":"cee78aa24578edac8cf00513dca618c0acc17cd7","status":"affected","versionType":"git"},{"version":"5e844cc37a5cbaa460e68f9a989d321d63088a89","lessThan":"8735248ebb918d25427965f0db07939ed0473ec6","status":"affected","versionType":"git"},{"version":"5e844cc37a5cbaa460e68f9a989d321d63088a89","lessThan":"794aaf01444d4e765e2b067cba01cc69c1c68ed9","status":"affected","versionType":"git"},{"version":"bd1a5b2307279029faaddbecf2f2ac25eaef8dc6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi.c","include/linux/spi/spi.h"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"4.4.271","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.271","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.233","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.191","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.119","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.37","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.11.21","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.4","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.248","versionEndExcluding":"4.4.271"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.248","versionEndExcluding":"4.9.271"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.212","versionEndExcluding":"4.14.233"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.163","versionEndExcluding":"4.19.191"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.80","versionEndExcluding":"5.4.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.37"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.11.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.12.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc35610815"},{"url":"https://git.kernel.org/stable/c/8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e"},{"url":"https://git.kernel.org/stable/c/8e029707f50a82c53172359c686b2536ab54e58c"},{"url":"https://git.kernel.org/stable/c/28a5529068c51cdf0295ab1e11a99a3a909a03e4"},{"url":"https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74"},{"url":"https://git.kernel.org/stable/c/c7fabe372a9031acd00498bc718ce27c253abfd1"},{"url":"https://git.kernel.org/stable/c/cee78aa24578edac8cf00513dca618c0acc17cd7"},{"url":"https://git.kernel.org/stable/c/8735248ebb918d25427965f0db07939ed0473ec6"},{"url":"https://git.kernel.org/stable/c/794aaf01444d4e765e2b067cba01cc69c1c68ed9"}],"title":"spi: Fix use-after-free with devm_spi_alloc_*","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:17:42.989Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc35610815","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8bf96425c90f5c1dcf3b7b9df568019a1d4b8a0e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8e029707f50a82c53172359c686b2536ab54e58c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/28a5529068c51cdf0295ab1e11a99a3a909a03e4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/001c8e83646ad3b847b18f6ac55a54367d917d74","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c7fabe372a9031acd00498bc718ce27c253abfd1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cee78aa24578edac8cf00513dca618c0acc17cd7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8735248ebb918d25427965f0db07939ed0473ec6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/794aaf01444d4e765e2b067cba01cc69c1c68ed9","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-46959","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:57:07.725975Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:46.810Z"}}]}}