CVE-2021-46966

ACPI: custom_method: fix potential use-after-free issue

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ACPI: custom_method: fix potential use-after-free issue

In cm_write(), buf is always freed when reaching the end of the
function. If the requested count is less than table.length, the
allocated buffer will be freed but subsequent calls to cm_write() will
still try to access it.

Remove the unconditional kfree(buf) at the end of the function and
set the buf to NULL in the -EINVAL error path to match the rest of
function.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: custom_method: soluciona un posible problema de use-after-free En cm_write(), buf siempre se libera al llegar al final de la función. Si el recuento solicitado es menor que table.length, el búfer asignado se liberará, pero las llamadas posteriores a cm_write() seguirán intentando acceder a él. Elimine el kfree(buf) incondicional al final de la función y establezca el buf en NULL en la ruta de error -EINVAL para que coincida con el resto de la función.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-27 CVE Reserved
2024-02-27 CVE Published
2024-02-28 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (16)

URL	Tag	Source
https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416	Vuln. Introduced
https://git.kernel.org/stable/c/5c12dadcbef8cd55ef1f5dac799bfcbb7ea7db1d	Vuln. Introduced
https://git.kernel.org/stable/c/35b88a10535edcf62d3e6b7893a8cd506ff98a24	Vuln. Introduced
https://git.kernel.org/stable/c/e4467fb6ef547aa352dc03397f9474ec84eced5b	Vuln. Introduced
https://git.kernel.org/stable/c/03d1571d9513369c17e6848476763ebbd10ec2cb	Vuln. Introduced
https://git.kernel.org/stable/c/70424999fbf1f160ade111cb9baab51776e0f9c2	Vuln. Introduced
https://git.kernel.org/stable/c/06cd4a06eb596a888239fb8ceb6ea15677cab396	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394	2021-05-22
https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be	2021-05-22
https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23	2021-05-22
https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17	2021-05-22
https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b	2021-05-11
https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203	2021-05-11
https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b	2021-05-12
https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234	2021-05-12
https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa	2021-04-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4.195 < 4.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4.195 < 4.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9.195 < 4.9.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.195 < 4.9.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.147 < 4.14.233 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.147 < 4.14.233"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.77 < 4.19.191 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.77 < 4.19.191"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.4.118 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.118"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.10.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.11.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.11.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.12.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.12.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.2.19 Search vendor "Linux" for product "Linux Kernel" and version "5.2.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.3.4 Search vendor "Linux" for product "Linux Kernel" and version "5.3.4"		en		Affected