{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T08:24:57.646","vulnerabilities":[{"cve":{"id":"CVE-2021-47653","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-26T06:37:07.080","lastModified":"2025-03-24T17:46:18.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: davinci: vpif: fix use-after-free on driver unbind\n\nThe driver allocates and registers two platform device structures during\nprobe, but the devices were never deregistered on driver unbind.\n\nThis results in a use-after-free on driver unbind as the device\nstructures were allocated using devres and would be freed by driver\ncore when remove() returns.\n\nFix this by adding the missing deregistration calls to the remove()\ncallback and failing probe on registration errors.\n\nNote that the platform device structures must be freed using a proper\nrelease callback to avoid leaking associated resources like device\nnames."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: davinci: vpif: fix use-after-free on driver unbind El controlador asigna y registra dos estructuras de dispositivos de plataforma durante la sonda, pero los dispositivos nunca se anularon el registro en la anulación del enlace del controlador. Esto da como resultado un use-after-free en la anulación del enlace del controlador, ya que las estructuras de dispositivos se asignaron utilizando devres y serían liberadas por el núcleo del controlador cuando remove() regrese. Solucione esto agregando las llamadas de anulación de registro faltantes a la devolución de llamada remove() y haciendo que la sonda falle en los errores de registro. Tenga en cuenta que las estructuras de dispositivos de plataforma se deben liberar utilizando una devolución de llamada de liberación adecuada para evitar filtrar recursos asociados, como nombres de dispositivos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.54","matchCriteriaId":"B6C209C8-267B-41B5-81F6-3CA003203380"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.16.19","matchCriteriaId":"20C43679-0439-405A-B97F-685BEE50613B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"5.17.2","matchCriteriaId":"210C679C-CF84-44A3-8939-E629C87E54BF"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43acb728bbc40169d2e2425e84a80068270974be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6512c3c39cb6b573b791ce45365818a38b76afbe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ffc602e14d7b9f7e7cb2f67e18dfef9ef8af676","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5a3bb7f6f164eb6ee74ef4898dcd019b2063448","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}