Bug 1220577 (CVE-2021-47048) - VUL-0: CVE-2021-47048: kernel: spi: spi-zynqmp-gqspi: use-after-free in zynqmp_qspi_exec_op
Status: RESOLVED FIXED
Alias: CVE-2021-47048
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395495/
Reported: 2024-02-28 15:07 UTC by SMASH SMASH
Modified: 2024-05-29 12:00 UTC
Found By: Security Response Team
Description SMASH SMASH 2024-02-28 15:07:44 UTC
In the Linux kernel, the following vulnerability has been resolved:

spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op

When handling op->addr, it is using the buffer "tmpbuf" which has been
freed. This will trigger a use-after-free KASAN warning. Let's use
temporary variables to store op->addr.val and op->cmd.opcode to fix
this issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47048
https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58
https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62
https://www.cve.org/CVERecord?id=CVE-2021-47048
https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a
https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c
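
A user-space C model of the pattern in the description above, added here as an example and not taken from the kernel driver or the referenced fix commits. The `slot` allocator, `struct ctrl`, `put_addr` and both `exec_op_*` functions are hypothetical names; a write through the stale pointer is counted rather than performed, so the program itself has no undefined behaviour.

```c
#include <stdint.h>
/* Constructed model: one tracked slot stands in for kzalloc()/kfree(). */
static uint8_t slot[8];
static int slot_live;
static uint8_t *slot_alloc(void) { slot_live = 1; return slot; }
static void slot_free(void) { slot_live = 0; }

/* Hypothetical, reduced op and controller state (not the driver's structs). */
struct op { uint8_t opcode; uint64_t addr_val; unsigned addr_nbytes; };
struct ctrl { void *txbuf; unsigned stale_writes; };

/* Serialise the address big-endian via txbuf; count writes to the freed slot. */
static void put_addr(struct ctrl *c, const struct op *op)
{
    unsigned n = op->addr_nbytes > 8 ? 8 : op->addr_nbytes;
    for (unsigned i = 0; i < n; i++) {
        if (c->txbuf == slot && !slot_live) { c->stale_writes++; continue; }
        ((uint8_t *)c->txbuf)[i] = (uint8_t)(op->addr_val >> (8 * (n - i - 1)));
    }
}

/* Before: the address phase still goes through the freed tmpbuf. */
static unsigned exec_op_before(const struct op *op)
{
    struct ctrl c = { 0 };
    uint8_t *tmpbuf = slot_alloc();
    tmpbuf[0] = op->opcode;
    c.txbuf = tmpbuf;   /* command phase */
    slot_free();        /* tmpbuf released; c.txbuf now dangles */
    put_addr(&c, op);   /* address phase */
    return c.stale_writes;
}

/* After: opcode and address are held in locals for the whole call. */
static unsigned exec_op_after(const struct op *op, uint8_t out[8])
{
    struct ctrl c = { 0 };
    uint8_t opcode = op->opcode;
    uint64_t opaddr = 0;
    c.txbuf = &opcode;  /* command phase */
    c.txbuf = &opaddr;  /* address phase has its own storage */
    put_addr(&c, op);
    for (unsigned i = 0; i < 8; i++) out[i] = ((uint8_t *)&opaddr)[i];
    return c.stale_writes;
}

int main(void) { /* constructed sample: opcode 0x03, 3-byte address 0x123456 */
    struct op op = { 0x03, 0x123456, 3 }; uint8_t out[8];
    return !(exec_op_before(&op) == 3 && exec_op_after(&op, out) == 0);
}
```

In the model, the "before" variant reports one stale write per address byte, which is the access a KASAN-enabled kernel would flag; the "after" variant reports none.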
Comment 1 Thomas Leroy 2024-02-28 15:14:55 UTC
Introduced in 5.10 and fix present on:
- SLE15-SP6
- cve/linux-5.14
- stable

Only changelog update needed
Comment 3 Ivan Ivanov 2024-03-07 08:22:31 UTC
How could I add a tag to something which is part of the 'baseline'?

There is no patch to which I could add a reference.

$ git describe a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58
v5.12-rc2-105-ga2c5bedb2d55
Comment 4 Miroslav Beneš 2024-03-07 10:39:33 UTC
One way is to add an empty commit with just the reference. It will propagate to the changelog.

Adding Takashi in case there is a different preferred way.
Comment 5 Takashi Iwai 2024-03-07 13:24:32 UTC
As the base kernel already contains the fix, we are unaffected.  Just reassign back to security team.
Comment 6 Andrea Mattiazzo 2024-05-29 12:00:52 UTC
All done, closing.