7.8

CVE-2024-56651

can: hi311x: hi3110_can_ist(): fix potential use-after-free

In the Linux kernel, the following vulnerability has been resolved:

can: hi311x: hi3110_can_ist(): fix potential use-after-free

The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr
during bus-off") removed the reporting of rxerr and txerr even in case
of correct operation (i. e. not bus-off).

The error count information added to the CAN frame after netif_rx() is
a potential use after free, since there is no guarantee that the skb
is in the same state. It might be freed or reused.

Fix the issue by postponing the netif_rx() call in case of txerr and
rxerr reporting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.291 < 4.15
LinuxLinux Kernel Version >= 4.19.256 < 4.20
LinuxLinux Kernel Version >= 5.4.211 < 5.5
LinuxLinux Kernel Version >= 5.10.137 < 5.11
LinuxLinux Kernel Version >= 5.15.61 < 5.16
LinuxLinux Kernel Version >= 5.18.18 < 5.19
LinuxLinux Kernel Version >= 5.19.2 < 5.20
LinuxLinux Kernel Version >= 6.0 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.66
LinuxLinux Kernel Version >= 6.7 < 6.12.5
LinuxLinux Kernel Version6.13 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.134
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643
Patch
https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
Patch
https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b
Patch
https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html