Linux · Linux Kernel · CVE-2021-46966
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is related to a potential use-after-free problem in the Linux kernel's ACPI custom method. Specifically, in the `cm write()` function, the buffer `buf` is always freed when reaching the end of the function. However, if the requested count is less than `table.length`, the allocated buffer will be freed, but subsequent calls to `cm write()` will still try to access it. This can lead to a denial of service. The issue is resolved by removing the unconditional `kfree(buf)` at the end of the function and setting `buf` to `NULL` in the `-EINVAL` error path.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.