We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-56651

can: hi311x: hi3110_can_ist(): fix potential use-after-free



Description

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.

Reserved 2024-12-27 | Published 2024-12-27 | Updated 2025-01-20 | Assigner Linux

Product status

Default status
unaffected

a22bd630cfff496b270211745536e50e98eb3a45 before 4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
affected

a22bd630cfff496b270211745536e50e98eb3a45 before 1128022009444faf49359bd406cd665b177cb643
affected

a22bd630cfff496b270211745536e50e98eb3a45 before bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
affected

a22bd630cfff496b270211745536e50e98eb3a45 before 9ad86d377ef4a19c75a9c639964879a5b25a433b
affected

Default status
affected

6.0
affected

Any version before 6.0
unaffected

6.1.120
unaffected

6.6.66
unaffected

6.12.5
unaffected

6.13
unaffected

References

git.kernel.org/...c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1

git.kernel.org/...c/1128022009444faf49359bd406cd665b177cb643

git.kernel.org/...c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075

git.kernel.org/...c/9ad86d377ef4a19c75a9c639964879a5b25a433b

cve.org (CVE-2024-56651)

nvd.nist.gov (CVE-2024-56651)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-56651

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.