8.4
CVE-2021-47232
- EPSS 0.02%
- Published 21.05.2024 15:15:12
- Last modified 04.04.2025 14:31:13
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.4 < 5.4.128
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.46
Linux ≫ Linux Kernel Version >= 5.11 < 5.12.13
Linux ≫ Linux Kernel Version5.13 Updaterc1
Linux ≫ Linux Kernel Version5.13 Updaterc2
Linux ≫ Linux Kernel Version5.13 Updaterc3
Linux ≫ Linux Kernel Version5.13 Updaterc4
Linux ≫ Linux Kernel Version5.13 Updaterc5
Linux ≫ Linux Kernel Version5.13 Updaterc6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.039 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.