Linux Kernel Vulnerability in CAN Module by Linux Foundation
CVE-2021-47668

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 17 April 2025

Summary

The Linux kernel contains a use-after-free vulnerability in the CAN module: memory is dereferenced after it has been freed, which can lead to instability and potential exploitation. Specifically, once netif_rx_ni(skb) has been invoked, subsequent accesses to skb, particularly through the can_frame pointer cf, are unsafe. Revising the order of operations so that these accesses no longer follow the call keeps the memory reference valid and improves the kernel's reliability.
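The ordering problem described in the summary, as an added userspace model in C (not the kernel's code and not the upstream patch). Every `*_model` type and function, the `rx_unsafe`/`rx_safe` names and the statistics counters are hypothetical stand-ins chosen for illustration; `model_netif_rx` plays the role of netif_rx_ni(skb) by taking ownership of the buffer and freeing it.

```c
#include <stdint.h>
#include <stdlib.h>

/* Userspace model: every name here is a hypothetical stand-in, not kernel code. */
struct can_frame_model { uint32_t can_id; uint8_t len; uint8_t data[8]; };
struct skb_model { struct can_frame_model cf; };
struct stats_model { unsigned long rx_packets, rx_bytes; };

/* Stand-in for netif_rx_ni(skb): takes ownership of the buffer, which may
 * already be freed when the call returns. The caller must not touch it again. */
static void model_netif_rx(struct skb_model *skb) { free(skb); }

static struct skb_model *model_alloc(uint8_t len) {
    struct skb_model *skb = calloc(1, sizeof(*skb));
    if (skb) { skb->cf.can_id = 0x123; skb->cf.len = len; } /* constructed frame */
    return skb;
}

/* Unsafe order from the summary: cf is read after the hand-off.
 * Shown for comparison only and never called (use-after-free). */
void rx_unsafe(struct stats_model *st, uint8_t len) {
    struct skb_model *skb = model_alloc(len);
    if (!skb) return;
    struct can_frame_model *cf = &skb->cf;
    model_netif_rx(skb);
    st->rx_packets++;
    st->rx_bytes += cf->len;   /* BUG: cf points into freed memory */
}

/* Revised order: finish every read through cf, then hand the buffer off. */
int rx_safe(struct stats_model *st, uint8_t len) {
    struct skb_model *skb = model_alloc(len);
    if (!skb) return -1;
    struct can_frame_model *cf = &skb->cf;
    st->rx_packets++;
    st->rx_bytes += cf->len;   /* last access to skb memory */
    model_netif_rx(skb);       /* ownership transferred; skb and cf are dead */
    return 0;
}

int main(void) {
    struct stats_model st = {0, 0};
    if (rx_safe(&st, 8) != 0 || rx_safe(&st, 3) != 0) return 1;
    return (st.rx_packets == 2 && st.rx_bytes == 11) ? 0 : 1;
}
```

Building the model with `-fsanitize=address` and calling `rx_unsafe` makes the stale read show up as a heap-use-after-free report, which is a practical way to check driver receive paths for the same pattern.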

Affected Version(s)

Linux 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 260925a0b7d2da5449f8ecfd02c1405e0c8a45b8

Linux 39549eef3587f1c1e8c65c88a2400d10fd30ea17

Linux 39549eef3587f1c1e8c65c88a2400d10fd30ea17 < 92668d28c7e6a7a2ba07df287669ffcdf650c421

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
