CVE-2021-47521: can: sja1000: fix use after free in ems_pcmcia_add_card()
First published: Fri May 24 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | >=3.2<4.4.295 | |
| Linux kernel | >=4.5<4.9.293 | |
| Linux kernel | >=4.10<4.14.258 | |
| Linux kernel | >=4.15<4.19.221 | |
| Linux kernel | >=4.20<5.4.165 | |
| Linux kernel | >=5.5<5.10.85 | |
| Linux kernel | >=5.11<5.15.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/cbd86110546f7f730a1f5d7de56c944a336c15c4
- https://git.kernel.org/stable/c/1dd5b819f7e406dc15bbc7670596ff25261aaa2a
- https://git.kernel.org/stable/c/c8718026ba287168ff9ad0ccc4f9a413062cba36
- https://git.kernel.org/stable/c/ccf070183e4655824936c0f96c4a2bcca93419aa
- https://git.kernel.org/stable/c/1a295fea90e1acbe80c6d4940f5ff856edcd6bec
- https://git.kernel.org/stable/c/923f4dc5df679f678e121c20bf2fd70f7bf3e288
- https://git.kernel.org/stable/c/474f9a8534f5f89841240a7e978bafd6e1e039ce
- https://git.kernel.org/stable/c/3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45
Frequently Asked Questions
What is the severity of CVE-2021-47521?
CVE-2021-47521 has a medium severity rating due to the potential for a use after free vulnerability in the Linux kernel.
How do I fix CVE-2021-47521?
To fix CVE-2021-47521, update your Linux kernel to a version that includes the patch addressing this vulnerability.
Which versions of the Linux kernel are affected by CVE-2021-47521?
CVE-2021-47521 affects Linux kernel versions between 3.2 and 5.15.8, excluding specific fixed versions.
What type of vulnerability is CVE-2021-47521?
CVE-2021-47521 is classified as a use after free vulnerability, which can lead to potential security risks.
Who reported CVE-2021-47521?
CVE-2021-47521 was reported in the context of the Linux kernel security updates.
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.2
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11