CVE-2021-47048

Published: Feb 28, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store op->addr.val and op->cmd.opcode to fix this issue.

Vendor	Product	Versions
Linux	Linux	affected `1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e - < 1231279389b5e638bc3b66b9741c94077aed4b5a` affected `1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e - < d67e0d6bd92ebbb0294e7062bbf5cdc773764e62` affected `1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e - < 23269ac9f123eca3aea7682d3345c02e71ed696c` affected `1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e - < a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58`
Linux	Linux	affected `5.10` unaffected `0 - < 5.10` unaffected `5.10.37 - <= 5.10.` unaffected `5.11.21 - <= 5.11.` unaffected `5.12.4 - <= 5.12.*` +1 more versions

References

https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a

https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62

https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c

https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-47048

Description

Affected Products

References