CVE-2021-47456

EPSS 0.03%
Veröffentlicht 22.05.2024 07:15:10
Zuletzt bearbeitet 02.04.2025 15:11:57
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

can: peak_pci: peak_pci_remove(): fix UAF

In the Linux kernel, the following vulnerability has been resolved:

can: peak_pci: peak_pci_remove(): fix UAF

When remove the module peek_pci, referencing 'chan' again after
releasing 'dev' will cause UAF.

Fix this by releasing 'dev' later.

The following log reveals it:

[   35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537
[   35.965513 ] Call Trace:
[   35.965718 ]  dump_stack_lvl+0xa8/0xd1
[   35.966028 ]  print_address_description+0x87/0x3b0
[   35.966420 ]  kasan_report+0x172/0x1c0
[   35.966725 ]  ? peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.967137 ]  ? trace_irq_enable_rcuidle+0x10/0x170
[   35.967529 ]  ? peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.967945 ]  __asan_report_load8_noabort+0x14/0x20
[   35.968346 ]  peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.968752 ]  pci_device_remove+0xa9/0x250

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 11

NVD 13 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.4 < 4.4.290

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.288

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.253

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.214

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.156

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.76

Linux ≫ Linux Kernel Version >= 5.11 < 5.14.15

Linux ≫ Linux Kernel Version5.15 Updaterc1

Linux ≫ Linux Kernel Version5.15 Updaterc2

Linux ≫ Linux Kernel Version5.15 Updaterc3

Linux ≫ Linux Kernel Version5.15 Updaterc4

Linux ≫ Linux Kernel Version5.15 Updaterc5

Linux ≫ Linux Kernel Version5.15 Updaterc6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.077

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-467 Use of sizeof() on a Pointer Type

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.

https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d

Patch

https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699

Patch

https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38

Patch

https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69

Patch

https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250

Patch

https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9

Patch