7.8

CVE-2021-47013

net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send

In the Linux kernel, the following vulnerability has been resolved:

net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send

In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).
If some error happens in emac_tx_fill_tpd(), the skb will be freed via
dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().
But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).

As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,
thus my patch assigns skb->len to 'len' before the possible free and
use 'len' instead of skb->len later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.9 < 4.9.269
LinuxLinux Kernel Version >= 4.10 < 4.14.233
LinuxLinux Kernel Version >= 4.15 < 4.19.191
LinuxLinux Kernel Version >= 4.20 < 5.4.119
LinuxLinux Kernel Version >= 5.5 < 5.10.37
LinuxLinux Kernel Version >= 5.11 < 5.11.21
LinuxLinux Kernel Version >= 5.12 < 5.12.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.169
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834
Patch
https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d
Patch
https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57
Patch
https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7
Patch
https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d
Patch
https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955
Patch
https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322
Patch
https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b
Patch