CVE-2021-47456
Published: May 22, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

can: peak_pci: peak_pci_remove(): fix UAF

When removing the module peak_pci, referencing 'chan' again after releasing 'dev' will cause a UAF. Fix this by releasing 'dev' later.

The following log reveals it:

```
[ 35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci]
[ 35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537
[ 35.965513 ] Call Trace:
[ 35.965718 ] dump_stack_lvl+0xa8/0xd1
[ 35.966028 ] print_address_description+0x87/0x3b0
[ 35.966420 ] kasan_report+0x172/0x1c0
[ 35.966725 ] ? peak_pci_remove+0x16f/0x270 [peak_pci]
[ 35.967137 ] ? trace_irq_enable_rcuidle+0x10/0x170
[ 35.967529 ] ? peak_pci_remove+0x16f/0x270 [peak_pci]
[ 35.967945 ] __asan_report_load8_noabort+0x14/0x20
[ 35.968346 ] peak_pci_remove+0x16f/0x270 [peak_pci]
[ 35.968752 ] pci_device_remove+0xa9/0x250
```
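The ordering problem described above, shown as an added user-space C model; it is not the kernel driver's code. The names `struct dev`, `struct chan`, `build_chain`, `remove_all` and the `SHOW_BUGGY_ORDER` macro are hypothetical, and the model assumes `chan` is stored inside the allocation that is released together with `dev`.

```c
#include <stdlib.h>

/* User-space model with hypothetical names, not the driver's code. Assumption:
 * 'chan' lives inside the allocation that holds 'dev', so free(dev) ends both. */
struct chan { struct dev *prev_dev; };  /* link to the previous device */
struct dev  { struct chan chan; };      /* chan embedded in dev */

/* Build n chained devices (constructed sample data); returns the last one. */
struct dev *build_chain(int n)
{
    struct dev *prev = NULL;
    for (int i = 0; i < n; i++) {
        struct dev *d = calloc(1, sizeof(*d));
        if (!d)
            abort();
        d->chan.prev_dev = prev;
        prev = d;
    }
    return prev;
}

#ifdef SHOW_BUGGY_ORDER
/* Buggy order: 'dev' is released, then 'chan' is referenced again. */
int remove_all(struct dev *dev)
{
    int removed = 0;
    for (; dev; removed++) {
        struct chan *chan = &dev->chan;
        free(dev);
        dev = chan->prev_dev;   /* read from freed memory */
    }
    return removed;
}
#else
/* Fixed order: take what is needed from 'chan' first, release 'dev' later. */
int remove_all(struct dev *dev)
{
    int removed = 0;
    for (; dev; removed++) {
        struct dev *prev = dev->chan.prev_dev;
        free(dev);
        dev = prev;
    }
    return removed;
}
#endif

int main(void) { return remove_all(build_chain(4)) == 4 ? 0 : 1; }
```

Compiled with `-fsanitize=address -DSHOW_BUGGY_ORDER`, the buggy branch produces a heap-use-after-free report, the user-space counterpart of the KASAN report in the log.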
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected e6d9c80b7ca1504411ad6d7acdb8683e4ae1c9cd - < 1c616528ba4aeb1125a06b407572ab7b56acae38; affected e6d9c80b7ca1504411ad6d7acdb8683e4ae1c9cd - < 447d44cd2f67a20b596ede3ca3cd67086dfd9ca9; affected e6d9c80b7ca1504411ad6d7acdb8683e4ae1c9cd - < 34914971bb3244db4ce2be44e9438a9b30c56250; affected e6d9c80b7ca1504411ad6d7acdb8683e4ae1c9cd - < adbda14730aacce41c0d3596415aa39ad63eafd9; affected e6d9c80b7ca1504411ad6d7acdb8683e4ae1c9cd - < 1248582e47a9f7ce0ecd156c39fc61f8b6aa3699; +3 more versions |
| Linux | Linux | affected 3.4; unaffected 0 - < 3.4; unaffected 4.4.290 - <= 4.4.*; unaffected 4.9.288 - <= 4.9.*; unaffected 4.14.253 - <= 4.14.*; +5 more versions |