{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47239","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-04-10T18:59:19.532Z","datePublished":"2024-05-21T14:19:39.705Z","dateUpdated":"2025-05-04T07:06:56.591Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:06:56.591Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix possible use-after-free in smsc75xx_bind\n\nThe commit 46a8b29c6306 (\"net: usb: fix memory leak in smsc75xx_bind\")\nfails to clean up the work scheduled in smsc75xx_reset->\nsmsc75xx_set_multicast, which leads to use-after-free if the work is\nscheduled to start after the deallocation. In addition, this patch\nalso removes a dangling pointer - dev->data[0].\n\nThis patch calls cancel_work_sync to cancel the scheduled work and set\nthe dangling pointer to NULL."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/usb/smsc75xx.c"],"versions":[{"version":"200dbfcad8011e50c3cec269ed7b980836eeb1fa","lessThan":"7cc8b2e05fcea6edd022d26e82091d781af8fd9b","status":"affected","versionType":"git"},{"version":"22c840596af0c09068b6cf948616e6496e59e07f","lessThan":"64160d1741a3de5204d1a822e058e0b4cc526504","status":"affected","versionType":"git"},{"version":"9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc","lessThan":"c4e3be2e7742863e454ce31faf8fd0109c00050b","status":"affected","versionType":"git"},{"version":"9e6a3eccb28779710cbbafc4f4258d92509c6d07","lessThan":"2fc8300c9cfa5167fcb5b1a2a07db6f53e82f59b","status":"affected","versionType":"git"},{"version":"b95fb96e6339e34694dd578fb6bde3575b01af17","lessThan":"4252bf6c2b245f47011098113d405ffad6ad5d5b","status":"affected","versionType":"git"},{"version":"635ac38b36255d3cfb8312cf7c471334f4d537e0","lessThan":"570a52cf3e01d19f7fd1a251dfc52b0cd86c13cb","status":"affected","versionType":"git"},{"version":"70c886ac93f87ae7214a0c69151a28a8075dd95b","lessThan":"14616c372a7be01a2fb8c56c9d8debd232b9e43d","status":"affected","versionType":"git"},{"version":"46a8b29c6306d8bbfd92b614ef65a47c900d8e70","lessThan":"56b786d86694e079d8aad9b314e015cd4ac02a3d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/usb/smsc75xx.c"],"versions":[{"version":"4.4.271","lessThan":"4.4.274","status":"affected","versionType":"semver"},{"version":"4.9.271","lessThan":"4.9.274","status":"affected","versionType":"semver"},{"version":"4.14.235","lessThan":"4.14.238","status":"affected","versionType":"semver"},{"version":"4.19.193","lessThan":"4.19.196","status":"affected","versionType":"semver"},{"version":"5.4.124","lessThan":"5.4.128","status":"affected","versionType":"semver"},{"version":"5.10.42","lessThan":"5.10.46","status":"affected","versionType":"semver"},{"version":"5.12.9","lessThan":"5.12.13","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.271","versionEndExcluding":"4.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.271","versionEndExcluding":"4.9.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.235","versionEndExcluding":"4.14.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.193","versionEndExcluding":"4.19.196"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.124","versionEndExcluding":"5.4.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.42","versionEndExcluding":"5.10.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12.9","versionEndExcluding":"5.12.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7cc8b2e05fcea6edd022d26e82091d781af8fd9b"},{"url":"https://git.kernel.org/stable/c/64160d1741a3de5204d1a822e058e0b4cc526504"},{"url":"https://git.kernel.org/stable/c/c4e3be2e7742863e454ce31faf8fd0109c00050b"},{"url":"https://git.kernel.org/stable/c/2fc8300c9cfa5167fcb5b1a2a07db6f53e82f59b"},{"url":"https://git.kernel.org/stable/c/4252bf6c2b245f47011098113d405ffad6ad5d5b"},{"url":"https://git.kernel.org/stable/c/570a52cf3e01d19f7fd1a251dfc52b0cd86c13cb"},{"url":"https://git.kernel.org/stable/c/14616c372a7be01a2fb8c56c9d8debd232b9e43d"},{"url":"https://git.kernel.org/stable/c/56b786d86694e079d8aad9b314e015cd4ac02a3d"}],"title":"net: usb: fix possible use-after-free in smsc75xx_bind","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.920Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/7cc8b2e05fcea6edd022d26e82091d781af8fd9b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/64160d1741a3de5204d1a822e058e0b4cc526504","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c4e3be2e7742863e454ce31faf8fd0109c00050b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2fc8300c9cfa5167fcb5b1a2a07db6f53e82f59b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4252bf6c2b245f47011098113d405ffad6ad5d5b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/570a52cf3e01d19f7fd1a251dfc52b0cd86c13cb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/14616c372a7be01a2fb8c56c9d8debd232b9e43d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/56b786d86694e079d8aad9b314e015cd4ac02a3d","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47239","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:40:00.710972Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:12.603Z"}}]}}