Lucene search

Ubuntu.comUB:CVE-2021-47232

HistoryMay 21, 2024 - 12:00 a.m.

CVE-2021-47232

2024-05-2100:00:00

ubuntu.com

linux kernel

patch

use-after-free

vulnerability

can: j1939

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: can:
j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a
Use-after-Free found by the syzbot. The problem is that a skb is taken from
the per-session skb queue, without incrementing the ref count. This leads
to a Use-after-Free if the skb is taken concurrently from the session queue
due to a CTS.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu18.04noarchlinux-azure-5.4< anyUNKNOWN
ubuntu20.04noarchlinux-bluefield< anyUNKNOWN
ubuntu20.04noarchlinux-gcp< anyUNKNOWN
ubuntu18.04noarchlinux-gcp-5.4< anyUNKNOWN
ubuntu20.04noarchlinux-gkeop< anyUNKNOWN
ubuntu18.04noarchlinux-hwe-5.4< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	18.04	noarch	linux-azure-5.4	< any	UNKNOWN
ubuntu	20.04	noarch	linux-bluefield	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	18.04	noarch	linux-gcp-5.4	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gkeop	< any	UNKNOWN
ubuntu	18.04	noarch	linux-hwe-5.4	< any	UNKNOWN

Rows per page:

1-10 of 151

References

git.kernel.org/linus/2030043e616cab40f510299f09b636285e0a3678 (5.13-rc7)

git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705

git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678

git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256

git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22

launchpad.net/bugs/cve/CVE-2021-47232

nvd.nist.gov/vuln/detail/CVE-2021-47232

security-tracker.debian.org/tracker/CVE-2021-47232

www.cve.org/CVERecord?id=CVE-2021-47232

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for UB:CVE-2021-47232