CVE-2021-47017

Summary

In the Linux kernel, the following vulnerability has been resolved:

ath10k: Fix a use after free in ath10k_htc_send_bundle

In ath10k_htc_send_bundle, the bundle_skb could be freed by dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later by bundle_skb->len.

As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to skb_len after the bundle_skb was freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc8334512f3dd1b94844baca629f9bedca4271593 < 8bb054fb336f4250002fff4e0b075221c05c3c65affected
LinuxLinuxc8334512f3dd1b94844baca629f9bedca4271593 < 3b1ac40c6012140828caa79e592a438a18ebf71baffected
LinuxLinuxc8334512f3dd1b94844baca629f9bedca4271593 < 5e413c0831ff4700d1739db3fa3ae9f859744676affected
LinuxLinuxc8334512f3dd1b94844baca629f9bedca4271593 < 8392df5d7e0b6a7d21440da1fc259f9938f4dec3affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux5.10.37 <= 5.10.*unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References