CVE-2021-47358

staging: greybus: uart: fix tty use after free

Description

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect.

References

Link	Tags
https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d	patch
https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f	patch
https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69	patch
https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14	patch
https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6	patch
https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1	patch
https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f	patch

Frequently Asked Questions

What is the severity of CVE-2021-47358?: CVE-2021-47358 has been scored as a high severity vulnerability.
How to fix CVE-2021-47358?: To fix CVE-2021-47358, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47358 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-47358 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47358?: CVE-2021-47358 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions