fkie_cve-2021-47456
Vulnerability from fkie_nvd
Published
2024-05-22 07:15
Modified
2024-11-21 06:36
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [ 35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537 [ 35.965513 ] Call Trace: [ 35.965718 ] dump_stack_lvl+0xa8/0xd1 [ 35.966028 ] print_address_description+0x87/0x3b0 [ 35.966420 ] kasan_report+0x172/0x1c0 [ 35.966725 ] ? peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.967137 ] ? trace_irq_enable_rcuidle+0x10/0x170 [ 35.967529 ] ? peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.967945 ] __asan_report_load8_noabort+0x14/0x20 [ 35.968346 ] peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.968752 ] pci_device_remove+0xa9/0x250
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_pci: peak_pci_remove(): fix UAF\n\nWhen remove the module peek_pci, referencing \u0027chan\u0027 again after\nreleasing \u0027dev\u0027 will cause UAF.\n\nFix this by releasing \u0027dev\u0027 later.\n\nThe following log reveals it:\n\n[   35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci]\n[   35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537\n[   35.965513 ] Call Trace:\n[   35.965718 ]  dump_stack_lvl+0xa8/0xd1\n[   35.966028 ]  print_address_description+0x87/0x3b0\n[   35.966420 ]  kasan_report+0x172/0x1c0\n[   35.966725 ]  ? peak_pci_remove+0x16f/0x270 [peak_pci]\n[   35.967137 ]  ? trace_irq_enable_rcuidle+0x10/0x170\n[   35.967529 ]  ? peak_pci_remove+0x16f/0x270 [peak_pci]\n[   35.967945 ]  __asan_report_load8_noabort+0x14/0x20\n[   35.968346 ]  peak_pci_remove+0x16f/0x270 [peak_pci]\n[   35.968752 ]  pci_device_remove+0xa9/0x250"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: pico_pci: pico_pci_remove(): arreglar UAF Cuando se elimina el m\u00f3dulo peek_pci, hacer referencia a \u0027chan\u0027 nuevamente despu\u00e9s de liberar \u0027dev\u0027 causar\u00e1 UAF. Solucione este problema lanzando \u0027dev\u0027 m\u00e1s tarde. El siguiente registro lo revela: [35.961814] ERROR: KASAN: uso despu\u00e9s de liberar en pico_pci_remove+0x16f/0x270 [peak_pci] [35.963414] Lectura de tama\u00f1o 8 en addr ffff888136998ee8 por tarea modprobe/5537 [35.965513] Seguimiento de llamadas: [3 5.965718 ] dump_stack_lvl+0xa8/0xd1 [35.966028] print_address_description+0x87/0x3b0 [35.966420] kasan_report+0x172/0x1c0 [35.966725]? pico_pci_remove+0x16f/0x270 [pico_pci] [35.967137]? trace_irq_enable_rcuidle+0x10/0x170 [35.967529]? pico_pci_remove+0x16f/0x270 [pico_pci] [ 35.967945 ] __asan_report_load8_noabort+0x14/0x20 [ 35.968346 ] pico_pci_remove+0x16f/0x270 [pico_pci] [ 35.968752 ] ve+0xa9/0x250"
    }
  ],
  "id": "CVE-2021-47456",
  "lastModified": "2024-11-21T06:36:10.987",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-22T07:15:10.627",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        },
        {
          "lang": "en",
          "value": "CWE-467"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.