CVE-2021-47521

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: sja1000: fix use after free in ems_pcmcia_add_card()

If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead.

Also we should check if at least one channel was set up.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < cbd86110546f7f730a1f5d7de56c944a336c15c4affected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < 1dd5b819f7e406dc15bbc7670596ff25261aaa2aaffected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < c8718026ba287168ff9ad0ccc4f9a413062cba36affected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < ccf070183e4655824936c0f96c4a2bcca93419aaaffected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < 1a295fea90e1acbe80c6d4940f5ff856edcd6becaffected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < 923f4dc5df679f678e121c20bf2fd70f7bf3e288affected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < 474f9a8534f5f89841240a7e978bafd6e1e039ceaffected
LinuxLinuxfd734c6f25aea4b2b44b045e489aec67b388577e < 3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45affected
LinuxLinux3.2affected
LinuxLinux0 < 3.2unaffected
LinuxLinux4.4.295 <= 4.4.*unaffected
LinuxLinux4.9.293 <= 4.9.*unaffected
LinuxLinux4.14.258 <= 4.14.*unaffected
LinuxLinux4.19.221 <= 4.19.*unaffected
LinuxLinux5.4.165 <= 5.4.*unaffected
LinuxLinux5.10.85 <= 5.10.*unaffected
LinuxLinux5.15.8 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References