PT-2024-11243 · Linux+3 · Linux Kernel+3

Pavel Skripkin

Published

2021-06-18

Updated

2025-04-09

CVE-2021-47235

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs in the ec bhf remove function, where the priv pointer is used after free netdev has been called. This can cause a use-after-free error when accessing the priv pointer. The fix involves moving the free netdev call after the pci iounmap calls.

Recommendations To resolve the issue, move the free netdev call after the pci iounmap calls in the ec bhf remove function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-07315

CVE-2021-47235

OESA-2024-1793

OPENSUSE-SU-2024_2185-1

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

USN-7429-1

USN-7429-2

Affected Products

Astra Linux

Linux Kernel

Suse

Ubuntu

PT-2024-11243 · Linux+3 · Linux Kernel+3

CVE-2021-47235

Weakness Enumeration

Related Identifiers

Affected Products

References · 718