CVE-2021-47232
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: fix Use-after-Free, hold skb ref while in use
This patch fixes a Use-after-Free found by the syzbot.
The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9d71dd0c70099914fcd063135da3c580865e924c < 22cba878abf646cd3a02ee7c8c2cef7afe66a256 | affected |
| Linux | Linux | 9d71dd0c70099914fcd063135da3c580865e924c < 509ab6bfdd0c76daebbad0f0af07da712116de22 | affected |
| Linux | Linux | 9d71dd0c70099914fcd063135da3c580865e924c < 1071065eeb33d32b7d98c2ce7591881ae7381705 | affected |
| Linux | Linux | 9d71dd0c70099914fcd063135da3c580865e924c < 2030043e616cab40f510299f09b636285e0a3678 | affected |
| Linux | Linux | 5.4 | affected |
| Linux | Linux | 0 < 5.4 | unaffected |
| Linux | Linux | 5.4.128 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.46 <= 5.10.* | unaffected |
| Linux | Linux | 5.12.13 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256
- https://git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22
- https://git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705
- https://git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678
References
- https://git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256
- https://git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22
- https://git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705
- https://git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.