CVE-2021-47051: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue is a driver-specific resource accounting bug, not a documented remote compromise. In the Freescale/NXP LPSPI SPI driver, a failed power-management resume could leave an internal usage counter elevated. The likely business impact is reliability or power-management degradation on affected systems, especially embedded Linux platforms using this driver.
Executive priority
Treat this as a targeted kernel maintenance item, not an emergency, unless critical devices use the affected SPI driver and depend on runtime power management stability. Patch through normal kernel update channels after confirming exposure.
Technical view
CVE-2021-47051 fixes a runtime PM reference leak in lpspi_prepare_xfer_hardware() in the Linux fsl-lpspi SPI driver. The source states pm_runtime_get_sync() increments the PM usage counter even on failure; the fix replaces it with pm_runtime_resume_and_get() to keep the counter balanced.
Likely exposure
Exposure appears limited to Linux kernels using the fsl-lpspi SPI controller driver in affected kernel versions or commits. The source lists Linux as affected but provides no CPEs, CVSS, or deployment-specific product inventory guidance.
Exploitation context
The supplied sources do not report active exploitation, and KEV status is false. No public source in the bundle describes exploitability, prerequisites, or security impact beyond the PM reference leak fixed in kernel stable commits.
Researcher notes
The record lacks CVSS, CWE, CPEs, exploit details, and concrete impact claims. The strongest evidence is the upstream stable fix description. Analysis should stay constrained to PM reference leakage in the fsl-lpspi driver.
Mitigation direction
Upgrade to a Linux kernel containing the referenced stable fixes.
Prioritize embedded or SoC systems using the fsl-lpspi SPI driver.
Check vendor kernel advisories for backported fixes in downstream kernels.
Avoid assuming mainline version numbers cover vendor-maintained kernels.
Validation and detection
Inventory systems for Linux kernels in the affected version set.
Confirm whether the fsl-lpspi driver is built, loaded, or required.
Compare kernel source or package changelog against the referenced stable commits.
Review vendor advisories for equivalent backport identifiers.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47051 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.