CVE-2021-47013
Published: Feb 28, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected b9b17debc69d27cd55e21ee51a5ba7fc50a426cf - < c7f75d11fe72913d2619f97b2334b083cd7bb955affected b9b17debc69d27cd55e21ee51a5ba7fc50a426cf - < dc1b438a35773d030be0ee80d9c635c3e558a322affected b9b17debc69d27cd55e21ee51a5ba7fc50a426cf - < 16d8c44be52e3650917736d45f5904384a9da834affected b9b17debc69d27cd55e21ee51a5ba7fc50a426cf - < 55fcdd1258faaecca74b91b88cc0921f9edd775daffected b9b17debc69d27cd55e21ee51a5ba7fc50a426cf - < 9dc373f74097edd0e35f3393d6248eda8d1ba99d+3 more versions |
Linux | Linux | affected 4.9unaffected 0 - < 4.9unaffected 4.9.269 - <= 4.9.*unaffected 4.14.233 - <= 4.14.*unaffected 4.19.191 - <= 4.19.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now