CVE-2021-47017

In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed by dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later by bundle_skb->len. As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to skb_len after the bundle_skb was freed.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b	Patch
https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676	Patch
https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3	Patch
https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65	Patch
https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b	Patch
https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676	Patch
https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3	Patch
https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

09 Dec 2024, 17:59

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b -~~	() https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b - Patch
References	~~() https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676 -~~	() https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676 - Patch
References	~~() https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3 -~~	() https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3 - Patch
References	~~() https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65 -~~	() https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65 - Patch
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

21 Nov 2024, 06:35

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath10k: corrige un use after free en ath10k_htc_send_bundle En ath10k_htc_send_bundle, el paquete_skb podría ser liberado por dev_kfree_skb_any(bundle_skb). Pero el paquete_skb lo utiliza más tarde el paquete_skb->len. Como skb_len = bundle_skb->len, mi parche reemplaza bundle_skb->len por skb_len después de que se liberó el paquete_skb.
References	~~() https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b -~~	() https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b -
References	~~() https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676 -~~	() https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676 -
References	~~() https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3 -~~	() https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3 -
References	~~() https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65 -~~	() https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65 -

28 Feb 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-28 09:15

Updated : 2024-12-09 17:59

NVD link : CVE-2021-47017

Mitre link : CVE-2021-47017

CVE.ORG link : CVE-2021-47017

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10