CVE-2021-47456

EPSS 0.02%
Published 22.05.2024 07:15:10
Last modified 02.04.2025 15:11:57
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

can: peak_pci: peak_pci_remove(): fix UAF

When remove the module peek_pci, referencing 'chan' again after
releasing 'dev' will cause UAF.

Fix this by releasing 'dev' later.

The following log reveals it:

[   35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537
[   35.965513 ] Call Trace:
[   35.965718 ]  dump_stack_lvl+0xa8/0xd1
[   35.966028 ]  print_address_description+0x87/0x3b0
[   35.966420 ]  kasan_report+0x172/0x1c0
[   35.966725 ]  ? peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.967137 ]  ? trace_irq_enable_rcuidle+0x10/0x170
[   35.967529 ]  ? peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.967945 ]  __asan_report_load8_noabort+0x14/0x20
[   35.968346 ]  peak_pci_remove+0x16f/0x270 [peak_pci]
[   35.968752 ]  pci_device_remove+0xa9/0x250

Affected products Warnungen 0 Metrics 2 CWE 2 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.4 < 4.4.290

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.288

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.253

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.214

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.156

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.76

Linux ≫ Linux Kernel Version >= 5.11 < 5.14.15

Linux ≫ Linux Kernel Version5.15 Updaterc1

Linux ≫ Linux Kernel Version5.15 Updaterc2

Linux ≫ Linux Kernel Version5.15 Updaterc3

Linux ≫ Linux Kernel Version5.15 Updaterc4

Linux ≫ Linux Kernel Version5.15 Updaterc5

Linux ≫ Linux Kernel Version5.15 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-467 Use of sizeof() on a Pointer Type

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.

https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d

Patch

https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699

Patch

https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38

Patch

https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69

Patch

https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250

Patch

https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9

Patch