PT-2024-10338 · Linux+3 · Linux Kernel+3

Mark Langsdorf

Published

2024-02-27

Updated

2024-12-06

CVE-2021-46966

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a potential use-after-free problem in the Linux kernel's ACPI custom method. Specifically, in the cm write() function, the buffer buf is always freed when reaching the end of the function. However, if the requested count is less than table.length, the allocated buffer will be freed, but subsequent calls to cm write() will still try to access it. This can lead to a denial of service. The issue is resolved by removing the unconditional kfree(buf) at the end of the function and setting buf to NULL in the -EINVAL error path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-00818

CVE-2021-46966

OESA-2024-1567

OPENSUSE-SU-2024_0857-1

SUSE-SU-2024:0856-1

SUSE-SU-2024:0857-1

SUSE-SU-2024:0926-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1870-1

USN-6739-1

Affected Products

Astra Linux

Linux Kernel

Suse

Ubuntu

PT-2024-10338 · Linux+3 · Linux Kernel+3

CVE-2021-46966

Weakness Enumeration

Related Identifiers

Affected Products

References · 628