CVE-2021-47232
Severity: HIGH
Linux Kernel 5.4-5.4.128 - Use-After-Free in CAN J1939 Session SKB Queue
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

can: j1939: fix Use-after-Free, hold skb ref while in use

This patch fixes a Use-after-Free found by the syzbot.

The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.
Scores
CVSS v3: 8.4
EPSS: 0.0024
EPSS Percentile: 15.0%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-416
Status: published
Products (12)
Linux/Linux: < 5.4
Linux/Linux: 5.10.46 - 5.10.*
Linux/Linux: 5.12.13 - 5.12.*
Linux/Linux: 5.13
Linux/Linux: 5.4
Linux/Linux: 5.4.128 - 5.4.*
Linux/Linux: 9d71dd0c70099914fcd063135da3c580865e924c - 1071065eeb33d32b7d98c2ce7591881ae7381705
Linux/Linux: 9d71dd0c70099914fcd063135da3c580865e924c - 2030043e616cab40f510299f09b636285e0a3678
Linux/Linux: 9d71dd0c70099914fcd063135da3c580865e924c - 22cba878abf646cd3a02ee7c8c2cef7afe66a256
Linux/Linux: 9d71dd0c70099914fcd063135da3c580865e924c - 509ab6bfdd0c76daebbad0f0af07da712116de22
... and 2 more
Published: May 21, 2024
Tracked Since: Feb 18, 2026