CVE-2021-46966

HIGH

Linux Kernel 4.4.195-4.4.269 - Use-After-Free in ACPI Custom Method Write

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (29)
Linux/Linux < 5.4
Linux/Linux 03d1571d9513369c17e6848476763ebbd10ec2cb - 62dc2440ebb552aa0d7f635e1697e077d9d21203
Linux/Linux 03d1571d9513369c17e6848476763ebbd10ec2cb - 72814a94c38a33239793f7622cec6ace1e540c4b
Linux/Linux 03d1571d9513369c17e6848476763ebbd10ec2cb - b7a5baaae212a686ceb812c32fceed79c03c0234
Linux/Linux 03d1571d9513369c17e6848476763ebbd10ec2cb - e483bb9a991bdae29a0caa4b3a6d002c968f94aa
Linux/Linux 03d1571d9513369c17e6848476763ebbd10ec2cb - f16737caf41fc06cfe6e49048becb09657074d4b
Linux/Linux 06cd4a06eb596a888239fb8ceb6ea15677cab396
Linux/Linux 35b88a10535edcf62d3e6b7893a8cd506ff98a24 - 90575d1d9311b753cf1718f4ce9061ddda7dfd23
Linux/Linux 4.14.147 - 4.14.233
Linux/Linux 4.14.233 - 4.14.*
... and 19 more
Published Feb 27, 2024
Tracked Since Feb 18, 2026