CVE-2021-47469 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2024-05-22

Score: 4.4 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4075-1	linux security update
Ubuntu USN	USN-7293-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7295-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7539-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7540-1	Linux kernel (Raspberry Pi) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024052227-CVE-2021-47469-00c0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47469
https://www.cve.org/CVERecord?id=CVE-2021-47469

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Title	spi: Fix deadlock when adding SPI controllers on SPI buses	kernel: spi: Fix deadlock when adding SPI controllers on SPI buses
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 03 Mar 2025 09:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-667
CPEs	cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc5::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/6098475d4cb48d821bdf453c61118c56e26294f0 https://git.kernel.org/stable/c/722ef19a161ce3fffb3d1b01ce2301c306639bdd https://git.kernel.org/stable/c/aa3f3d7bef59583f2d3234173105a27ff61ef8fe https://git.kernel.org/stable/c/c8dce228db6f81dbc897a018dfc5c418e917cf64
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 03 Mar 2025 08:30:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. This means that if the SPI device is itself a SPI controller and triggers the instantiation of further SPI devices we trigger a deadlock as we try to register and instantiate those devices while in the process of doing so for the parent controller and hence already holding the global spi_add_lock. Since we only care about concurrency within a single SPI bus move the lock to be per controller, avoiding the deadlock. This can be easily triggered in the case of spi-mux.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Fri, 10 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.15:rc5::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sun, 17 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/aa3f3d7bef59583f2d3234173105a27ff61ef8fe https://git.kernel.org/stable/c/c8dce228db6f81dbc897a018dfc5c418e917cf64

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-05-22T06:23:27.629Z

Updated: 2025-03-03T08:16:40.401Z

Reserved: 2024-05-22T06:20:56.199Z

Link: CVE-2021-47469

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-05-22T07:15:11.690

Modified: 2025-03-03T09:15:09.473

Link: CVE-2021-47469

Redhat

Severity : Low

Publid Date: 2024-05-22T00:00:00Z

Links: CVE-2021-47469 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-833

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object