Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb. As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop its last refcount..
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.8, <= 5.10.35 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40Patch
- https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3aPatch
- https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80Patch
- https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0Patch
- https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40Patch
- https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3aPatch
- https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80Patch
- https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0Patch
FAQ
What is CVE-2021-46973?
CVE-2021-46973 is a vulnerability with a CVSS score of 8.4 (HIGH). In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately followin...
How severe is CVE-2021-46973?
CVE-2021-46973 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46973?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.