CVE-2021-47459
Published: May 22, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv

It will trigger UAF for rx_kref of j1939_priv as following.

```
        cpu0                                    cpu1
j1939_sk_bind(socket0, ndev0, ...)
j1939_netdev_start
                                        j1939_sk_bind(socket1, ndev0, ...)
                                        j1939_netdev_start
j1939_priv_set
                                        j1939_priv_get_by_ndev_locked
j1939_jsk_add
.....
j1939_netdev_stop
kref_put_lock(&priv->rx_kref, ...)
                                        kref_get(&priv->rx_kref, ...)
                                        REFCOUNT_WARN("addition on 0;...")
```

```
====================================================
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0
RIP: 0010:refcount_warn_saturate+0x169/0x1e0
Call Trace:
 j1939_netdev_start+0x68b/0x920
 j1939_sk_bind+0x426/0xeb0
 ? security_socket_bind+0x83/0xb0
```

The rx_kref's kref_get() and kref_put() should use j1939_netdev_lock to protect.
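The interleaving above, replayed as a deterministic single-threaded C model (an added example, not kernel code and not part of the advisory). The struct and function names, the `lock_held` flag and the assumption that the release step unpublishes `priv` are illustrative stand-ins for the kref and `j1939_netdev_lock` named in the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Single-threaded model of the cpu0/cpu1 interleaving. Names are illustrative,
 * not kernel code; `lock_held` stands in for j1939_netdev_lock. */
struct priv { int rx_kref; };
struct ndev { struct priv *priv; bool lock_held; };
enum outcome { REF_TAKEN, ADD_ON_ZERO };

/* cpu0: j1939_netdev_stop() dropping an rx reference. As with kref_put_lock(),
 * the drop to zero needs the lock, so it waits while cpu1 holds it. */
static bool cpu0_stop(struct ndev *nd)
{
    if (nd->lock_held || !nd->priv)
        return false;                /* blocked on the lock, or already gone */
    if (--nd->priv->rx_kref == 0)
        nd->priv = NULL;             /* assumed: release unpublishes priv */
    return true;
}

/* cpu1: second j1939_netdev_start() on the same ndev. get_under_lock selects
 * whether kref_get() runs inside the lookup's critical section. */
static enum outcome cpu1_start(struct ndev *nd, bool get_under_lock)
{
    nd->lock_held = true;
    struct priv *p = nd->priv;       /* j1939_priv_get_by_ndev_locked() */
    if (!get_under_lock)
        nd->lock_held = false;       /* lock dropped before kref_get() */
    cpu0_stop(nd);                   /* cpu0 tries to run in this window */
    enum outcome r = (p->rx_kref == 0) ? ADD_ON_ZERO : REF_TAKEN;
    if (r == REF_TAKEN)
        p->rx_kref++;                /* kref_get(&priv->rx_kref) */
    nd->lock_held = false;
    return r;
}

/* Replays the interleaving from a fresh state holding one rx reference. */
static enum outcome run_interleaving(bool get_under_lock)
{
    struct priv p = { .rx_kref = 1 };
    struct ndev nd = { .priv = &p, .lock_held = false };
    return cpu1_start(&nd, get_under_lock);
}

int main(void)
{
    printf("get outside lock: %s\n", run_interleaving(false) ? "addition on 0" : "ok");
    printf("get under lock:   %s\n", run_interleaving(true) ? "addition on 0" : "ok");
    return 0;
}
```

With the get inside the critical section, cpu0's put can only run after the count has gone from 1 to 2, so it never reaches zero while cpu1 still holds a stale pointer.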
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 9d71dd0c70099914fcd063135da3c580865e924c - < a0e47d2833b4f65e6c799f28c6b636d36b8b936d<br>affected 9d71dd0c70099914fcd063135da3c580865e924c - < 864e77771a24c877aaf53aee019f78619cbcd668<br>affected 9d71dd0c70099914fcd063135da3c580865e924c - < 6e8811707e2df0c6ba920f0cad3a3bca7b42132f<br>affected 9d71dd0c70099914fcd063135da3c580865e924c - < d9d52a3ebd284882f5562c88e55991add5d01586 |
| Linux | Linux | affected 5.4<br>unaffected 0 - < 5.4<br>unaffected 5.4.156 - <= 5.4.*<br>unaffected 5.10.76 - <= 5.10.*<br>unaffected 5.14.15 - <= 5.14.*<br>+1 more versions |