CVE-2021-47232

can: j1939: fix Use-after-Free, hold skb ref while in use

Severity Score

8.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue,
without incrementing the ref count. This leads to a Use-after-Free if
the skb is taken concurrently from the session queue due to a CTS.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: j1939: corrige Use-after-Free, mantenga presionada la referencia skb mientras está en uso. Este parche corrige un Use-after-Free encontrado por syzbot. El problema es que se toma un skb de la cola de skb por sesión, sin incrementar el recuento de referencias. Esto conduce a un use after free si el skb se toma simultáneamente de la cola de sesión debido a un CTS.

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-10 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-04-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256	2021-06-23
https://git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22	2021-06-23
https://git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705	2021-06-23
https://git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678	2021-06-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.4.128 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.128"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.10.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.46"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.12.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.12.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.13"		en		Affected