CVE-2021-47459

HIGH

Linux Kernel 5.4-5.4.156 - Use-After-Free in j1939_netdev_start

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv It will trigger UAF for rx_kref of j1939_priv as following. cpu0 cpu1 j1939_sk_bind(socket0, ndev0, ...) j1939_netdev_start j1939_sk_bind(socket1, ndev0, ...) j1939_netdev_start j1939_priv_set j1939_priv_get_by_ndev_locked j1939_jsk_add ..... j1939_netdev_stop kref_put_lock(&priv->rx_kref, ...) kref_get(&priv->rx_kref, ...) REFCOUNT_WARN("addition on 0;...") ==================================================== refcount_t: addition on 0; use-after-free. WARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 RIP: 0010:refcount_warn_saturate+0x169/0x1e0 Call Trace: j1939_netdev_start+0x68b/0x920 j1939_sk_bind+0x426/0xeb0 ? security_socket_bind+0x83/0xb0 The rx_kref's kref_get() and kref_put() should use j1939_netdev_lock to protect.

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 13.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (12)
Linux/Linux < 5.4
Linux/Linux 5.10.76 - 5.10.*
Linux/Linux 5.14.15 - 5.14.*
Linux/Linux 5.15
Linux/Linux 5.4
Linux/Linux 5.4.156 - 5.4.*
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - 6e8811707e2df0c6ba920f0cad3a3bca7b42132f
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - 864e77771a24c877aaf53aee019f78619cbcd668
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - a0e47d2833b4f65e6c799f28c6b636d36b8b936d
Linux/Linux 9d71dd0c70099914fcd063135da3c580865e924c - d9d52a3ebd284882f5562c88e55991add5d01586
... and 2 more
Published May 22, 2024
Tracked Since Feb 18, 2026