CVE-2021-47670
HIGH
Linux Kernel < 4.19.171 - Use-After-Free in CAN peak_usb Netif RX Handler
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

can: peak_usb: fix use after free bugs

After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). Reordering the lines solves the issue.
Scores
CVSS v3: 7.8
EPSS: 0.0016
EPSS Percentile: 5.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-416
Status: published
Products (12)
Linux/Linux: < 4.0
Linux/Linux: 0a25e1f4f18566b750ebd3ae995af64e23111e63 - 50aca891d7a554db0901b245167cd653d73aaa71
Linux/Linux: 0a25e1f4f18566b750ebd3ae995af64e23111e63 - 5408824636fa0dfedb9ecb0d94abd573131bfbbe
Linux/Linux: 0a25e1f4f18566b750ebd3ae995af64e23111e63 - ddd1416f44130377798c1430b76503513b7497c2
Linux/Linux: 0a25e1f4f18566b750ebd3ae995af64e23111e63 - ec939c13c3fff2114479769c8380b7f1a54feca9
Linux/Linux: 4.0
Linux/Linux: 4.19.171 - 4.19.*
Linux/Linux: 5.10.11 - 5.10.*
Linux/Linux: 5.11
Linux/Linux: 5.4.93 - 5.4.*
... and 2 more
Published: Apr 17, 2025
Tracked Since: Feb 18, 2026