CVE-2021-46973

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
27/02/2024
Last modified:
14/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: Avoid potential use after free in MHI send

It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb.

As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop its last refcount.
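The ordering issue described above, as an added user-space model (not the kernel's code and not taken from the fix commit). All type and function names are hypothetical, objects are only marked as freed so the model stays well defined, and the callback is run synchronously to represent the "invoked immediately" case.

```c
#include <stdio.h>

/* User-space model of the ordering bug; every name here is hypothetical. */
struct sock_model { int refcnt; int freed; };
struct skb_model  { struct sock_model *sk; int freed; };
static int violations;              /* touches of objects already marked freed */

static void sk_hold(struct sock_model *sk)
{
    if (sk->freed) violations++;    /* reference taken on a freed socket */
    sk->refcnt++;
}

/* Dropping the last reference marks the socket as freed. */
static void sk_put(struct sock_model *sk) { if (--sk->refcnt == 0) sk->freed = 1; }

static struct sock_model *skb_sk(struct skb_model *skb)
{
    if (skb->freed) violations++;   /* skb dereferenced after free */
    return skb->sk;
}

/* Transmit-complete callback: drops the sk reference, then frees the skb. */
static void ul_callback(struct skb_model *skb) { sk_put(skb->sk); skb->freed = 1; }

/* Worst case from the description: the callback fires before queueing returns. */
static void queue_skb(struct skb_model *skb) { ul_callback(skb); }

/* Returns the number of use-after-free touches for the chosen ordering. */
static int run_send(int hold_before_queue)
{
    struct sock_model sk = { 1, 0 };    /* constructed: one reference held by the owner */
    struct skb_model skb = { &sk, 0 };
    violations = 0;
    if (hold_before_queue) {
        sk_hold(skb_sk(&skb));          /* fixed order: deref and hold, then queue */
        queue_skb(&skb);
    } else {
        queue_skb(&skb);                /* vulnerable order: queue, then deref and hold */
        sk_hold(skb_sk(&skb));
    }
    return violations;
}

int main(void)
{
    printf("queue-then-hold: %d\n", run_send(0));
    printf("hold-then-queue: %d\n", run_send(1));
    return 0;
}
```

In the queue-first ordering the callback's put drops the socket's only reference, so both the skb dereference and the later hold land on freed objects; with the hold taken first, the callback's put simply balances it.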

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.8 (including) 5.10.35 (including)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.11.19 (including)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 5.12.2 (including)