Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2021-47358

CVE-2021-47358

HIGH7.8

staging: greybus: uart: fix tty use after free

Published May 21, 2024

Modified 10 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

staging: greybus: uart: fix tty use after free

User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone.

Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect.

References

WEB

https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14

WEB

https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f

WEB

https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d

WEB

https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39431b44f

WEB

https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1

WEB

https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69

WEB

https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-47358

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 21, 2024

ModifiedMay 4, 2025

CVE-2021-47358 | Mondoo Vulnerability Intelligence