CVE-2021-47456

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-47456

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47456.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-47456

Downstream

DEBIAN-CVE-2021-47456

OESA-2024-1736

RHSA-2024:4211

RHSA-2024:4352

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

UBUNTU-CVE-2021-47456

Related

Published

2024-05-22T07:15:10Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

can: peakpci: peakpci_remove(): fix UAF

When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF.

Fix this by releasing 'dev' later.

The following log reveals it:

[ 35.961814 ] BUG: KASAN: use-after-free in peakpciremove+0x16f/0x270 [peakpci] [ 35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537 [ 35.965513 ] Call Trace: [ 35.965718 ] dumpstacklvl+0xa8/0xd1 [ 35.966028 ] printaddressdescription+0x87/0x3b0 [ 35.966420 ] kasanreport+0x172/0x1c0 [ 35.966725 ] ? peakpciremove+0x16f/0x270 [peakpci] [ 35.967137 ] ? traceirqenablercuidle+0x10/0x170 [ 35.967529 ] ? peakpciremove+0x16f/0x270 [peakpci] [ 35.967945 ] _asanreportload8noabort+0x14/0x20 [ 35.968346 ] peakpciremove+0x16f/0x270 [peakpci] [ 35.968752 ] pcideviceremove+0xa9/0x250

References

Affected packages