CVE-2021-47456: can: peak_pci: peak_pci_remove(): fix UAF
First published: Wed May 22 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF The Linux kernel CVE team has assigned <a href="https://access.redhat.com/security/cve/CVE-2021-47456">CVE-2021-47456</a> to this issue. Upstream advisory: <a href="https://lore.kernel.org/linux-cve-announce/2024052244-CVE-2021-47456-dc47@gregkh/T">https://lore.kernel.org/linux-cve-announce/2024052244-CVE-2021-47456-dc47@gregkh/T</a>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.4.290 | 4.4.290 |
| redhat/kernel | <4.9.288 | 4.9.288 |
| redhat/kernel | <4.14.253 | 4.14.253 |
| redhat/kernel | <4.19.214 | 4.19.214 |
| redhat/kernel | <5.4.156 | 5.4.156 |
| redhat/kernel | <5.10.76 | 5.10.76 |
| redhat/kernel | <5.14.15 | 5.14.15 |
| redhat/kernel | <5.15 | 5.15 |
| Linux Kernel | >=3.4<4.4.290 | |
| Linux Kernel | >=4.5<4.9.288 | |
| Linux Kernel | >=4.10<4.14.253 | |
| Linux Kernel | >=4.15<4.19.214 | |
| Linux Kernel | >=4.20<5.4.156 | |
| Linux Kernel | >=5.5<5.10.76 | |
| Linux Kernel | >=5.11<5.14.15 | |
| Linux Kernel | =5.15-rc1 | |
| Linux Kernel | =5.15-rc2 | |
| Linux Kernel | =5.15-rc3 | |
| Linux Kernel | =5.15-rc4 | |
| Linux Kernel | =5.15-rc5 | |
| Linux Kernel | =5.15-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1c616528ba4aeb1125a06b407572ab7b56acae38
- https://git.kernel.org/stable/c/447d44cd2f67a20b596ede3ca3cd67086dfd9ca9
- https://git.kernel.org/stable/c/34914971bb3244db4ce2be44e9438a9b30c56250
- https://git.kernel.org/stable/c/adbda14730aacce41c0d3596415aa39ad63eafd9
- https://git.kernel.org/stable/c/1248582e47a9f7ce0ecd156c39fc61f8b6aa3699
- https://git.kernel.org/stable/c/28f28e4bc3a5e0051faa963f10b778ab38c1db69
- https://git.kernel.org/stable/c/0e5afdc2315b0737edcf55bede4ee1640d2d464d
- https://git.kernel.org/stable/c/949fe9b35570361bc6ee2652f89a0561b26eec98
- https://access.redhat.com/security/cve/CVE-2021-47456
- https://lore.kernel.org/linux-cve-announce/2024052244-CVE-2021-47456-dc47@gregkh/T
- https://access.redhat.com/errata/RHSA-2024:4211
- https://access.redhat.com/errata/RHSA-2024:4352
- https://bugzilla.redhat.com/show_bug.cgi?id=2282902
Frequently Asked Questions
What is the severity of CVE-2021-47456?
CVE-2021-47456 has been classified as having a medium severity level.
How do I fix CVE-2021-47456?
To mitigate CVE-2021-47456, upgrade to the patched kernel versions provided in the advisory.
Which versions of the Linux kernel are affected by CVE-2021-47456?
CVE-2021-47456 affects various versions of the Linux kernel prior to 4.4.290, 4.9.288, 4.14.253, 4.19.214, 5.4.156, 5.10.76, 5.14.15, and 5.15.
What type of vulnerability is CVE-2021-47456?
CVE-2021-47456 is a use-after-free (UAF) vulnerability in the Linux kernel.
Who maintains the security updates for CVE-2021-47456?
The Linux kernel CVE team is responsible for maintaining security updates related to CVE-2021-47456.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/severity
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-47456
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/source
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.4
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.15-rc1
- version/linux kernel/5.15-rc2
- version/linux kernel/5.15-rc3
- version/linux kernel/5.15-rc4
- version/linux kernel/5.15-rc5
- version/linux kernel/5.15-rc6