CVE-2021-47232

HIGH

Linux Kernel 5.4-5.4.128 - Use-After-Free in CAN J1939 Session SKB Queue

Description

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: fix Use-after-Free, hold skb ref while in use

This patch fixes a Use-after-Free found by the syzbot.

The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.

Scores

CVSS v3 8.4
EPSS 0.0024
EPSS Percentile 15.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (12)
Linux/Linux < 5.4
Linux/Linux 5.10.46 - 5.10.*
Linux/Linux 5.12.13 - 5.12.*
Linux/Linux 5.13
Linux/Linux 5.4
Linux/Linux 5.4.128 - 5.4.*
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - 1071065eeb33d32b7d98c2ce7591881ae7381705
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - 2030043e616cab40f510299f09b636285e0a3678
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - 22cba878abf646cd3a02ee7c8c2cef7afe66a256
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - 509ab6bfdd0c76daebbad0f0af07da712116de22
... and 2 more
Published May 21, 2024
Tracked Since Feb 18, 2026