LinuxCVELIST:CVE-2021-47520CVE-2021-47520 can: pch_can: pch_can_rx_normal: fix use after free
In the Linux kernel, the following vulnerability has been resolved:
can: pch_can: pch_can_rx_normal: fix use after free
After calling netif_receive_skb(skb), dereferencing skb is unsafe.
Especially, the can_frame cf which aliases skb memory is dereferenced
just after the call netif_receive_skb(skb).
Reordering the lines solves the issue.
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/can/pch_can.c"
],
"versions": [
{
"version": "b21d18b51b31",
"lessThan": "bafe343a885c",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "3a3c46e2eff0",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "affbad02bf80",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "3e193ef4e0a3",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "abb4eff3dcd2",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "703dde112021",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "6c73fc931658",
"status": "affected",
"versionType": "git"
},
{
"version": "b21d18b51b31",
"lessThan": "94cddf1e9227",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/can/pch_can.c"
],
"versions": [
{
"version": "2.6.37",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.37",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.4.295",
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.9.293",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.258",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.221",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.165",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.85",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.8",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.16",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76
git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa
git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7
git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e
git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db
git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4
git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3
git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d
Related
