{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47483","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-22T06:20:56.200Z","datePublished":"2024-05-22T08:19:34.852Z","dateUpdated":"2025-05-04T07:12:04.209Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:12:04.209Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix possible double-free in regcache_rbtree_exit()\n\nIn regcache_rbtree_insert_to_block(), when 'present' realloc failed,\nthe 'blk' which is supposed to assign to 'rbnode->block' will be freed,\nso 'rbnode->block' points a freed memory, in the error handling path of\nregcache_rbtree_init(), 'rbnode->block' will be freed again in\nregcache_rbtree_exit(), KASAN will report double-free as follows:\n\nBUG: KASAN: double-free or invalid-free in kfree+0xce/0x390\nCall Trace:\n slab_free_freelist_hook+0x10d/0x240\n kfree+0xce/0x390\n regcache_rbtree_exit+0x15d/0x1a0\n regcache_rbtree_init+0x224/0x2c0\n regcache_init+0x88d/0x1310\n __regmap_init+0x3151/0x4a80\n __devm_regmap_init+0x7d/0x100\n madera_spi_probe+0x10f/0x333 [madera_spi]\n spi_probe+0x183/0x210\n really_probe+0x285/0xc30\n\nTo fix this, moving up the assignment of rbnode->block to immediately after\nthe reallocation has succeeded so that the data structure stays valid even\nif the second reallocation fails."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/base/regmap/regcache-rbtree.c"],"versions":[{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"e72dce9afbdbfa70d9b44f5908a50ff6c4858999","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"fc081477b47dfc3a6cb50a96087fc29674013fc2","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"758ced2c3878ff789801e6fee808e185c5cf08d6","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"3dae1a4eced3ee733d7222e69b8a55caf2d61091","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"1cead23c1c0bc766dacb900a3b0269f651ad596f","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"36e911a16b377bde0ad91a8c679069d0d310b1a6","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"50cc1462a668dc62949a1127388bc3af785ce047","status":"affected","versionType":"git"},{"version":"3f4ff561bc88b074d5e868dde4012d89cbb06c87","lessThan":"55e6d8037805b3400096d621091dfbf713f97e83","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/base/regmap/regcache-rbtree.c"],"versions":[{"version":"3.12","status":"affected"},{"version":"0","lessThan":"3.12","status":"unaffected","versionType":"semver"},{"version":"4.4.291","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.289","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.254","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.215","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.157","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.77","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.16","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.4.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.9.289"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.14.254"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.19.215"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.4.157"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.14.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999"},{"url":"https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2"},{"url":"https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6"},{"url":"https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091"},{"url":"https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f"},{"url":"https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6"},{"url":"https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047"},{"url":"https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83"}],"title":"regmap: Fix possible double-free in regcache_rbtree_exit()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.752Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47483","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:35:58.617398Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:53.194Z"}}]}}