PT-2025-17219 · Linux+6 · Linux Kernel+6

Published

2025-04-17

Updated

2025-08-12

CVE-2021-47670

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use after free bug has been identified in the Linux kernel, specifically in the peak usb component. The issue arises after calling the peak usb netif rx ni() function with the skb variable, as dereferencing skb becomes unsafe. This is particularly problematic when accessing the can frame cf which shares memory with skb after the peak usb netif rx ni() call. Reordering the lines of code resolves the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:13589

ALSA-2025:13590

CESA-2025_13589

CESA-2025_13590

CVE-2021-47670

INFSA-2025_13589

INFSA-2025_13590

OESA-2025-1465

OPENSUSE-SU-2025_01633-1

RHSA-2025:13589

RHSA-2025:13590

RHSA-2025:14136

RHSA-2025:14511

RHSA-2025:14692

RHSA-2025:15035

RHSA-2025_13589

RHSA-2025_13590

SUSE-SU-2025:01633-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:1574-1

SUSE-SU-2025_01633-1

SUSE-SU-2025_01983-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2025-17219 · Linux+6 · Linux Kernel+6

CVE-2021-47670

Weakness Enumeration

Related Identifiers

Affected Products

References · 465