CVE-2021-46966
ACPI: custom_method: fix potential use-after-free issue
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the
function. If the requested count is less than table.length, the
allocated buffer will be freed but subsequent calls to cm_write() will
still try to access it. Remove the unconditional kfree(buf) at the end of the function and
set the buf to NULL in the -EINVAL error path to match the rest of
function.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: custom_method: soluciona un posible problema de use-after-free En cm_write(), buf siempre se libera al llegar al final de la función. Si el recuento solicitado es menor que table.length, el búfer asignado se liberará, pero las llamadas posteriores a cm_write() seguirán intentando acceder a él. Elimine el kfree(buf) incondicional al final de la función y establezca el buf en NULL en la ruta de error -EINVAL para que coincida con el resto de la función.
In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-27 CVE Reserved
- 2024-02-27 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/5c12dadcbef8cd55ef1f5dac799bfcbb7ea7db1d | Vuln. Introduced | |
| https://git.kernel.org/stable/c/35b88a10535edcf62d3e6b7893a8cd506ff98a24 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/e4467fb6ef547aa352dc03397f9474ec84eced5b | Vuln. Introduced | |
| https://git.kernel.org/stable/c/03d1571d9513369c17e6848476763ebbd10ec2cb | Vuln. Introduced | |
| https://git.kernel.org/stable/c/70424999fbf1f160ade111cb9baab51776e0f9c2 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/06cd4a06eb596a888239fb8ceb6ea15677cab396 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.4.195 < 4.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4.195 < 4.4.269" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.9.195 < 4.9.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.195 < 4.9.269" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.14.147 < 4.14.233 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.147 < 4.14.233" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.19.77 < 4.19.191 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.77 < 4.19.191" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.4.118 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.118" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.10.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.36" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.11.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.11.20" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.12.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.12.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.13" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.2.19 Search vendor "Linux" for product "Linux Kernel" and version "5.2.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.3.4 Search vendor "Linux" for product "Linux Kernel" and version "5.3.4" | en |
Affected
| ||||||