CVE-2021-47205

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d	Mailing List Patch
https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2	Mailing List Patch
https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d	Mailing List Patch
https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2	Mailing List Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

17 Jun 2026, 04:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-401
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d -~~	() https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2 -~~	() https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2 - Mailing List, Patch

21 Nov 2024, 06:35

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d -~~	() https://git.kernel.org/stable/c/9bec2b9c6134052994115d2d3374e96f2ccb9b9d -
References	~~() https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2 -~~	() https://git.kernel.org/stable/c/b5dd513daa70ee8f6d281a20bd28485ee9bb7db2 -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: sunxi-ng: Anular el registro de relojes/reinicios al desvincular Actualmente, desvincular un controlador CCU anula la asignación de la región MMIO del dispositivo, mientras que deja sus relojes/reinicios y sus proveedores registrados. Esto puede causar una falla de página más adelante cuando alguna operación de reloj intenta realizar MMIO. Solucione esto separando la inicialización de CCU de la asignación de memoria y luego usando una devolución de llamada devres para anular el registro de los relojes y reinicios. Esto también corrige una pérdida de memoria de `struct ccu_reset` y usa el propietario correcto (el controlador de plataforma específico) para los relojes y reinicios. Los primeros proveedores de reloj OF nunca se anulan del registro y es posible un manejo de errores limitado, por lo que en su mayoría no se modifican. El informe de errores se hace más consistente moviendo el mensaje dentro de of_sunxi_ccu_probe.

10 Apr 2024, 19:49

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-10 19:15

Updated : 2026-06-17 04:16

NVD link : CVE-2021-47205

Mitre link : CVE-2021-47205

CVE.ORG link : CVE-2021-47205

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10