CVE-2021-46979
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Feb 28, 2024
Updated: Dec 31, 2024
CWE ID 415
Summary
CVE-2021-46979 is a vulnerability affecting the Linux kernel. The issue lies in the iio driver, where ioctl handlers are removed twice: first during iio_device_unregister(), and a second time inside iio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask(). This double free results in a kernel panic. The vulnerability is remedied by no longer manipulating the ioctl handlers list directly and instead letting the code responsible for registering each handler call the matching cleanup routine.
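The double-removal pattern from the summary, as an added userspace model in C (not kernel code and not part of the original entry). The struct layout, function names and poison value are constructed for illustration; the checked delete reports the second removal, which is the step the summary associates with the kernel panic.

```c
#include <stdio.h>

/* Userspace model (not kernel code): a doubly linked list whose delete
 * poisons the removed node, in the spirit of the kernel's list_del(). */
struct node { struct node *prev, *next; };
#define POISON ((struct node *)0x100)   /* constructed marker value */

static void list_init(struct node *h) { h->prev = h->next = h; }
static void list_add(struct node *n, struct node *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
/* Returns 0 on success, -1 if the node was already removed. */
static int list_del_checked(struct node *n) {
    if (n->next == POISON || n->prev == POISON) return -1;
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = POISON;
    return 0;
}

/* Hypothetical device: one handler list, one handler owned by a subsystem. */
struct device { struct node ioctl_handlers; struct node event_handler; };

static void dev_register(struct device *d) {
    list_init(&d->ioctl_handlers);
    list_add(&d->event_handler, &d->ioctl_handlers); /* subsystem registers */
}
/* The subsystem that registered the handler removes it. */
static int eventset_cleanup(struct device *d) {
    return list_del_checked(&d->event_handler);
}
/* Flawed teardown: core empties the list itself, then subsystem cleanup runs. */
static int teardown_flawed(struct device *d) {
    int double_removals = 0;
    while (d->ioctl_handlers.next != &d->ioctl_handlers)
        list_del_checked(d->ioctl_handlers.next);
    if (eventset_cleanup(d) < 0) double_removals++;  /* second removal */
    return double_removals;
}
/* Corrected teardown: core leaves the list alone; only the owner cleans up. */
static int teardown_fixed(struct device *d) {
    return eventset_cleanup(d) < 0 ? 1 : 0;
}

int main(void) {
    struct device a, b;
    dev_register(&a); dev_register(&b);
    printf("flawed: %d double removal(s)\n", teardown_flawed(&a));
    printf("fixed:  %d double removal(s)\n", teardown_fixed(&b));
    return 0;
}
```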
Affected Products
- Linux Kernel
Affected Vendors
- LINUX