Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-47520
HistoryMay 24, 2024 - 12:00 a.m.

CVE-2021-47520

2024-05-2400:00:00
ubuntu.com
ubuntu.com
1
linux
kernel
vulnerability
pch_can_rx_normal
use after free
netif_receive_skb
dereferencing
skb
can_frame
reordering

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

In the Linux kernel, the following vulnerability has been resolved: can:
pch_can: pch_can_rx_normal: fix use after free After calling
netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the
can_frame cf which aliases skb memory is dereferenced just after the call
netif_receive_skb(skb). Reordering the lines solves the issue.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%