CVE - CVE-2021-47456

CVE-ID
CVE-2021-47456	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [ 35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537 [ 35.965513 ] Call Trace: [ 35.965718 ] dump_stack_lvl+0xa8/0xd1 [ 35.966028 ] print_address_description+0x87/0x3b0 [ 35.966420 ] kasan_report+0x172/0x1c0 [ 35.966725 ] ? peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.967137 ] ? trace_irq_enable_rcuidle+0x10/0x170 [ 35.967529 ] ? peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.967945 ] __asan_report_load8_noabort+0x14/0x20 [ 35.968346 ] peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.968752 ] pci_device_remove+0xa9/0x250
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d URL:https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d MISC:https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699 URL:https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699 MISC:https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38 URL:https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38 MISC:https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69 URL:https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69 MISC:https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250 URL:https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250 MISC:https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9 URL:https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9 MISC:https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98 URL:https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98 MISC:https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9 URL:https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9
Assigning CNA
kernel.org
Date Record Created
20240521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)