CVE-2021-46979

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 28, 2024
Updated: Dec 31, 2024
CWE ID 415

Summary

CVE-2021-46979 is a vulnerability affecting the Linux kernel. The issue lies in the iio driver, where ioctl handlers are removed twice: first during iio_device_unregister(), and again inside iio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask(). This double free results in a kernel panic. The fix stops iio_device_unregister() from manipulating the ioctl handlers list directly and leaves removal to the code responsible for registration, which calls the matching cleanup routine itself.
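
The double-removal pattern from the summary, as an added userspace C model (not the kernel's code and not from this page). The list helpers, struct model_dev and the teardown functions are hypothetical stand-ins, and the checked unlink reports a second removal instead of crashing.

```c
#include <stdio.h>

/* Userspace stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* Checked unlink: 0 on success, -1 if the node was already unlinked. */
static int list_del_checked(struct list_head *n) {
    if (!n->next || !n->prev) return -1;   /* second removal detected */
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->next = n->prev = NULL;              /* stand-in for list poisoning */
    return 0;
}

/* Hypothetical model device: one handler list, two registering owners. */
struct model_dev { struct list_head handlers, event_h, buffer_h; };
static void model_register(struct model_dev *d) {
    list_init(&d->handlers);
    list_add(&d->event_h, &d->handlers);
    list_add(&d->buffer_h, &d->handlers);
}

/* Each owner removes the handler it registered; returns failed removals. */
static int owners_cleanup(struct model_dev *d) {
    return (list_del_checked(&d->event_h) != 0) +
           (list_del_checked(&d->buffer_h) != 0);
}

/* Pre-fix shape: unregister empties the list directly, then owners run. */
static int teardown_before_fix(struct model_dev *d) {
    model_register(d);
    while (d->handlers.next != &d->handlers)
        list_del_checked(d->handlers.next);
    return owners_cleanup(d);
}

/* Post-fix shape: only the registering code touches the list. */
static int teardown_after_fix(struct model_dev *d) {
    model_register(d);
    return owners_cleanup(d);
}

int main(void) {
    struct model_dev d;
    int before = teardown_before_fix(&d), after = teardown_after_fix(&d);
    printf("double removals before fix: %d, after fix: %d\n", before, after);
    return 0;
}
```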
