THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2021-47232

can: j1939: fix Use-after-Free, hold skb ref while in use

AssignerLinux
Reserved2024-04-10
Published2024-05-21
Updated2024-06-06

Description

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.

Product status

Default status
unaffected

9d71dd0c7009 before 22cba878abf6
affected

9d71dd0c7009 before 509ab6bfdd0c
affected

9d71dd0c7009 before 1071065eeb33
affected

9d71dd0c7009 before 2030043e616c
affected

Default status
affected

5.4
affected

Any version before 5.4
unaffected

5.4.128
unaffected

5.10.46
unaffected

5.12.13
unaffected

5.13
unaffected

References

https://git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256

https://git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22

https://git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705

https://git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678

cve.org CVE-2021-47232

nvd.nist.gov CVE-2021-47232

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-47232
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +