CVE-2021-47235
- Source
- https://cve.org/CVERecord?id=CVE-2021-47235
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47235.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-47235
- Downstream
- Related
- Published
- 2024-05-21T15:15:12.777Z
- Modified
- 2026-03-13T05:20:38.307535Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: fix potential use-after-free in ecbhfremove
static void ecbhfremove(struct pcidev *dev) { ... struct ecbhfpriv *priv = netdevpriv(net_dev);
unregister_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io);... }
priv is netdev private data, but it is used after freenetdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving freenetdev() after pci_iounmap() calls.
- References
-
- https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130
- https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8
- https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2
- https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a
- https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6
- https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea
- https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6
- https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "3.15"
},
{
"fixed": "4.4.274"
}
]
},
{
"events": [
{
"introduced": "4.5"
},
{
"fixed": "4.9.274"
}
]
},
{
"events": [
{
"introduced": "4.10"
},
{
"fixed": "4.14.238"
}
]
},
{
"events": [
{
"introduced": "4.15"
},
{
"fixed": "4.19.196"
}
]
},
{
"events": [
{
"introduced": "4.20"
},
{
"fixed": "5.4.128"
}
]
},
{
"events": [
{
"introduced": "5.5"
},
{
"fixed": "5.10.46"
}
]
},
{
"events": [
{
"introduced": "5.11"
},
{
"fixed": "5.12.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13-rc6"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47235.json"