CVE-2021-47232

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: fix Use-after-Free, hold skb ref while in use

This patch fixes a Use-after-Free found by the syzbot.

The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 22cba878abf646cd3a02ee7c8c2cef7afe66a256affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 509ab6bfdd0c76daebbad0f0af07da712116de22affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 1071065eeb33d32b7d98c2ce7591881ae7381705affected
LinuxLinux9d71dd0c70099914fcd063135da3c580865e924c < 2030043e616cab40f510299f09b636285e0a3678affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.128 <= 5.4.*unaffected
LinuxLinux5.10.46 <= 5.10.*unaffected
LinuxLinux5.12.13 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References