CVE-2021-46998

HIGH

Linux Kernel 4.16-4.19.191 - Use-After-Free in enic_hard_start_xmit

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside enic_queue_wq_skb, if some error happens, the skb will be freed by dev_kfree_skb(skb). But the freed skb is still used in skb_tx_timestamp(skb). My patch makes enic_queue_wq_skb() return error and goto spin_unlock() incase of error. The solution is provided by Govind. See https://lkml.org/lkml/2021/4/30/961.

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 15.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (15)
Linux/Linux < 4.16
Linux/Linux 4.16
Linux/Linux 4.19.191 - 4.19.*
Linux/Linux 5.10.38 - 5.10.*
Linux/Linux 5.11.22 - 5.11.*
Linux/Linux 5.12.5 - 5.12.*
Linux/Linux 5.13
Linux/Linux 5.4.120 - 5.4.*
Linux/Linux fb7516d42478ebc8e2f00efb76ef96f7b68fd8d3 - 25a87b1f566b5eb2af2857a928f0e2310d900976
Linux/Linux fb7516d42478ebc8e2f00efb76ef96f7b68fd8d3 - 643001b47adc844ae33510c4bb93c236667008a3
... and 5 more
Published Feb 28, 2024
Tracked Since Feb 18, 2026