7.8

CVE-2021-47520

can: pch_can: pch_can_rx_normal: fix use after free

In the Linux kernel, the following vulnerability has been resolved:

can: pch_can: pch_can_rx_normal: fix use after free

After calling netif_receive_skb(skb), dereferencing skb is unsafe.
Especially, the can_frame cf which aliases skb memory is dereferenced
just after the call netif_receive_skb(skb).

Reordering the lines solves the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.37 < 4.4.295
LinuxLinux Kernel Version >= 4.5 < 4.9.293
LinuxLinux Kernel Version >= 4.10 < 4.14.258
LinuxLinux Kernel Version >= 4.15 < 4.19.221
LinuxLinux Kernel Version >= 4.20 < 5.4.165
LinuxLinux Kernel Version >= 5.5 < 5.10.85
LinuxLinux Kernel Version >= 5.11 < 5.15.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76
Patch
https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa
Patch
https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7
Patch
https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e
Patch
https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db
Patch
https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4
Patch
https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3
Patch
https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d
Patch