7.8
CVE-2024-56651
- EPSS 0.23%
- Veröffentlicht 27.12.2024 15:15:24
- Zuletzt bearbeitet 03.11.2025 21:18:14
- CVE-Watchlists
- Unerledigt
can: hi311x: hi3110_can_ist(): fix potential use-after-free
In the Linux kernel, the following vulnerability has been resolved:
can: hi311x: hi3110_can_ist(): fix potential use-after-free
The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr
during bus-off") removed the reporting of rxerr and txerr even in case
of correct operation (i. e. not bus-off).
The error count information added to the CAN frame after netif_rx() is
a potential use after free, since there is no guarantee that the skb
is in the same state. It might be freed or reused.
Fix the issue by postponing the netif_rx() call in case of txerr and
rxerr reporting.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.14.291 < 4.15
Linux ≫ Linux Kernel Version >= 4.19.256 < 4.20
Linux ≫ Linux Kernel Version >= 5.4.211 < 5.5
Linux ≫ Linux Kernel Version >= 5.10.137 < 5.11
Linux ≫ Linux Kernel Version >= 5.15.61 < 5.16
Linux ≫ Linux Kernel Version >= 5.18.18 < 5.19
Linux ≫ Linux Kernel Version >= 5.19.2 < 5.20
Linux ≫ Linux Kernel Version >= 6.0 < 6.1.120
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.66
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5
Linux ≫ Linux Kernel Version6.13 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.134 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643
https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b
https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html