CVE-2021-47521

can: sja1000: fix use after free in ems_pcmcia_add_card()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

can: sja1000: fix use after free in ems_pcmcia_add_card()

If the last channel is not available then "dev" is freed. Fortunately,
we can just use "pdev->irq" instead.

Also we should check if at least one channel was set up.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: sja1000: arreglar el use after free en ems_pcmcia_add_card() Si el último canal no está disponible entonces se libera "dev". Afortunadamente, podemos usar "pdev->irq" en su lugar. También debemos comprobar si se configuró al menos un canal.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-05-24 CVE Reserved
2024-05-24 CVE Published
2024-06-11 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/fd734c6f25aea4b2b44b045e489aec67b388577e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/cbd86110546f7f730a1f5d7de56c944a336c15c4	2021-12-14
https://git.kernel.org/stable/c/1dd5b819f7e406dc15bbc7670596ff25261aaa2a	2021-12-14
https://git.kernel.org/stable/c/c8718026ba287168ff9ad0ccc4f9a413062cba36	2021-12-14
https://git.kernel.org/stable/c/ccf070183e4655824936c0f96c4a2bcca93419aa	2021-12-14
https://git.kernel.org/stable/c/1a295fea90e1acbe80c6d4940f5ff856edcd6bec	2021-12-14
https://git.kernel.org/stable/c/923f4dc5df679f678e121c20bf2fd70f7bf3e288	2021-12-14
https://git.kernel.org/stable/c/474f9a8534f5f89841240a7e978bafd6e1e039ce	2021-12-14
https://git.kernel.org/stable/c/3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45	2021-12-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 4.4.295 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 4.4.295"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 4.9.293 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 4.9.293"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 4.14.258 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 4.14.258"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 4.19.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 4.19.221"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 5.4.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.4.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 5.10.85 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.10.85"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 5.15.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.15.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.2 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 5.16"		en		Affected