Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store op->addr.val and op->cmd.opcode to fix this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.10, < 5.10.37 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5aPatch
- https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696cPatch
- https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58Patch
- https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62Patch
- https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5aPatch
- https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696cPatch
- https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58Patch
- https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62Patch
FAQ
What is CVE-2021-47048?
CVE-2021-47048 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has...
How severe is CVE-2021-47048?
CVE-2021-47048 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47048?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.