CVE-2021-47224

EPSS 0.05%
Published 21.05.2024 15:15:11
Last modified 04.04.2025 14:32:24
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

net: ll_temac: Make sure to free skb when it is completely used

With the skb pointer piggy-backed on the TX BD, we have a simple and
efficient way to free the skb buffer when the frame has been transmitted.
But in order to avoid freeing the skb while there are still fragments from
the skb in use, we need to piggy-back on the TX BD of the skb, not the
first.

Without this, we are doing use-after-free on the DMA side, when the first
BD of a multi TX BD packet is seen as completed in xmit_done, and the
remaining BDs are still being processed.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.128

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.46

Linux ≫ Linux Kernel Version >= 5.11 < 5.12.13

Linux ≫ Linux Kernel Version5.13 Updaterc1

Linux ≫ Linux Kernel Version5.13 Updaterc2

Linux ≫ Linux Kernel Version5.13 Updaterc3

Linux ≫ Linux Kernel Version5.13 Updaterc4

Linux ≫ Linux Kernel Version5.13 Updaterc5

Linux ≫ Linux Kernel Version5.13 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/019ab7d044d0ebf97e1236bb8935b7809be92358

Patch

https://git.kernel.org/stable/c/6aa32217a9a446275440ee8724b1ecaf1838df47

Patch

https://git.kernel.org/stable/c/6d120ab4dc39a543c6b63361e1d0541c382900a3

Patch

https://git.kernel.org/stable/c/e8afe05bd359ebe12a61dbdc94c06c00ea3e8d4b

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47224

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47224

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47224

EUVD