PT-2024-11453 · Linux+5 · Linux Kernel+5

Published

2021-10-17

Updated

2025-01-14

CVE-2021-47459

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free vulnerability has been resolved in the Linux kernel, specifically in the j1939 netdev start() function. This issue can be triggered when the rx kref of j1939 priv is accessed after it has been freed. The vulnerability occurs due to a lack of proper locking, allowing for concurrent access to the rx kref. The rx kref's kref get() and kref put() should use j1939 netdev lock to protect against this issue. Technical details include the involvement of functions such as j1939 sk bind(), j1939 priv set(), and j1939 jsk add(), and variables like priv->rx kref.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:4928

BDU:2025-07467

CVE-2021-47459

INFSA-2024_4928

OESA-2024-1692

OPENSUSE-SU-2024_2189-1

RHSA-2024:4823

RHSA-2024:4831

RHSA-2024:4928

RHSA-2024_4928

RLSA-2024:4928

RXSA-2024:4928

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Almalinux

Astra Linux

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11453 · Linux+5 · Linux Kernel+5

CVE-2021-47459

Weakness Enumeration

Related Identifiers

Affected Products

References · 1386