high
7.8
CWE
415
Advisory Published
Updated

CVE-2021-47483: regmap: Fix possible double-free in regcache_rbtree_exit()

First published: Wed May 22 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows: BUG: KASAN: double-free or invalid-free in kfree+0xce/0x390 Call Trace: slab_free_freelist_hook+0x10d/0x240 kfree+0xce/0x390 regcache_rbtree_exit+0x15d/0x1a0 regcache_rbtree_init+0x224/0x2c0 regcache_init+0x88d/0x1310 __regmap_init+0x3151/0x4a80 __devm_regmap_init+0x7d/0x100 madera_spi_probe+0x10f/0x333 [madera_spi] spi_probe+0x183/0x210 really_probe+0x285/0xc30 To fix this, moving up the assignment of rbnode->block to immediately after the reallocation has succeeded so that the data structure stays valid even if the second reallocation fails.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=3.12<4.4.291
Linux Kernel>=4.5<4.9.289
Linux Kernel>=4.10<4.14.254
Linux Kernel>=4.15<4.19.215
Linux Kernel>=4.20<5.4.157
Linux Kernel>=5.5<5.10.77
Linux Kernel>=5.11<5.14.16
Linux Kernel=5.15-rc1
Linux Kernel=5.15-rc2
Linux Kernel=5.15-rc3
Linux Kernel=5.15-rc4
Linux Kernel=5.15-rc5
Linux Kernel=5.15-rc6
Linux Kernel=5.15-rc7

Remedy

https://git.kernel.org/stable/c/1cead23c1c0bc766dacb900a3b0269f651ad596f

Remedy

https://git.kernel.org/stable/c/36e911a16b377bde0ad91a8c679069d0d310b1a6

Remedy

https://git.kernel.org/stable/c/3dae1a4eced3ee733d7222e69b8a55caf2d61091

Remedy

https://git.kernel.org/stable/c/50cc1462a668dc62949a1127388bc3af785ce047

Remedy

https://git.kernel.org/stable/c/55e6d8037805b3400096d621091dfbf713f97e83

Remedy

https://git.kernel.org/stable/c/758ced2c3878ff789801e6fee808e185c5cf08d6

Remedy

https://git.kernel.org/stable/c/e72dce9afbdbfa70d9b44f5908a50ff6c4858999

Remedy

https://git.kernel.org/stable/c/fc081477b47dfc3a6cb50a96087fc29674013fc2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203