Assigner | Linux |
Reserved | 2024-04-10 |
Published | 2024-05-21 |
Updated | 2024-06-06 |
Description
In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.
Product status
9d71dd0c7009 before 22cba878abf6
9d71dd0c7009 before 509ab6bfdd0c
9d71dd0c7009 before 1071065eeb33
9d71dd0c7009 before 2030043e616c
5.4
Any version before 5.4
5.4.128
5.10.46
5.12.13
5.13
References
https://git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256
https://git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22
https://git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705
https://git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678