{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47502", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-22T06:20:56.204Z", "datePublished": "2024-05-24T15:01:49.699Z", "dateUpdated": "2025-05-04T07:12:24.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:12:24.711Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: handle channel mappping list correctly\n\nCurrently each channel is added as list to dai channel list, however\nthere is danger of adding same channel to multiple dai channel list\nwhich endups corrupting the other list where its already added.\n\nThis patch ensures that the channel is actually free before adding to\nthe dai channel list and also ensures that the channel is on the list\nbefore deleting it.\n\nThis check was missing previously, and we did not hit this issue as\nwe were testing very simple usecases with sequence of amixer commands."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/wcd934x.c"], "versions": [{"version": "dd9eb19b567303e4b92747dcfb5deedb182af111", "lessThan": "1089dac26c6b4b833323ae6c0ceab29fb30ede72", "status": "affected", "versionType": "git"}, {"version": "dd9eb19b567303e4b92747dcfb5deedb182af111", "lessThan": "339ffb5b56005582aacc860524d2d208604049d1", "status": "affected", "versionType": "git"}, {"version": "dd9eb19b567303e4b92747dcfb5deedb182af111", "lessThan": "23ba28616d3063bd4c4953598ed5e439ca891101", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/wcd934x.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.85", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.8", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.10.85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.15.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72"}, {"url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1"}, {"url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101"}], "title": "ASoC: codecs: wcd934x: handle channel mappping list correctly", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:19:30.436874Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:49.622Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.770Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.770Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:19:30.436874Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T19:19:41.387Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ASoC: codecs: wcd934x: handle channel mappping list correctly", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "dd9eb19b567303e4b92747dcfb5deedb182af111", "lessThan": "1089dac26c6b4b833323ae6c0ceab29fb30ede72", "versionType": "git"}, {"status": "affected", "version": "dd9eb19b567303e4b92747dcfb5deedb182af111", "lessThan": "339ffb5b56005582aacc860524d2d208604049d1", "versionType": "git"}, {"status": "affected", "version": "dd9eb19b567303e4b92747dcfb5deedb182af111", "lessThan": "23ba28616d3063bd4c4953598ed5e439ca891101", "versionType": "git"}], "programFiles": ["sound/soc/codecs/wcd934x.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.6"}, {"status": "unaffected", "version": "0", "lessThan": "5.6", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.85", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.8", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/codecs/wcd934x.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72"}, {"url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1"}, {"url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: handle channel mappping list correctly\n\nCurrently each channel is added as list to dai channel list, however\nthere is danger of adding same channel to multiple dai channel list\nwhich endups corrupting the other list where its already added.\n\nThis patch ensures that the channel is actually free before adding to\nthe dai channel list and also ensures that the channel is on the list\nbefore deleting it.\n\nThis check was missing previously, and we did not hit this issue as\nwe were testing very simple usecases with sequence of amixer commands."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.85", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.8", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.16", "versionStartIncluding": "5.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:12:24.711Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47502", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:12:24.711Z", "dateReserved": "2024-05-22T06:20:56.204Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-24T15:01:49.699Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4647680F-2C60-4192-9716-F3BBCBD68B17", "versionEndExcluding": "5.10.85", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6664ACE2-F748-4AE5-B98B-58803B0B2C3E", "versionEndExcluding": "5.15.8", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "F621B5E3-E99D-49E7-90B9-EC3B77C95383", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*", "matchCriteriaId": "F7BFDCAA-1650-49AA-8462-407DD593F94F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: handle channel mappping list correctly\n\nCurrently each channel is added as list to dai channel list, however\nthere is danger of adding same channel to multiple dai channel list\nwhich endups corrupting the other list where its already added.\n\nThis patch ensures that the channel is actually free before adding to\nthe dai channel list and also ensures that the channel is on the list\nbefore deleting it.\n\nThis check was missing previously, and we did not hit this issue as\nwe were testing very simple usecases with sequence of amixer commands."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: c\u00f3decs: wcd934x: maneja correctamente la lista de asignaci\u00f3n de canales Actualmente, cada canal se agrega como lista a la lista de canales dai, sin embargo, existe el peligro de agregar el mismo canal a varias listas de canales dai, lo que termina corrompiendo la otra lista donde ya est\u00e1 agregada. Este parche garantiza que el canal est\u00e9 realmente libre antes de agregarlo a la lista de canales dai y tambi\u00e9n garantiza que el canal est\u00e9 en la lista antes de eliminarlo. Esta verificaci\u00f3n faltaba anteriormente y no encontramos este problema ya que est\u00e1bamos probando casos de uso muy simples con una secuencia de comandos de amixer."}], "id": "CVE-2021-47502", "lastModified": "2025-09-29T16:32:44.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-24T15:15:10.350", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: codecs: wcd934x: handle channel mappping list correctly", "id": "2283452", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283452"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: codecs: wcd934x: handle channel mappping list correctly\nCurrently each channel is added as list to dai channel list, however\nthere is danger of adding same channel to multiple dai channel list\nwhich endups corrupting the other list where its already added.\nThis patch ensures that the channel is actually free before adding to\nthe dai channel list and also ensures that the channel is on the list\nbefore deleting it.\nThis check was missing previously, and we did not hit this issue as\nwe were testing very simple usecases with sequence of amixer commands."], "name": "CVE-2021-47502", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47502\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47502"], "threat_severity": "Low"}