Use After Free Vulnerability in Linux Kernel Affecting Peak USB Component
CVE-2021-47670

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 17 April 2025

Summary

A use-after-free vulnerability has been identified in the Peak USB component of the Linux kernel. Once 'peak_usb_netif_rx_ni(skb)' has been called, dereferencing 'skb' is unsafe. The flaw arises when the 'can_frame cf' is accessed after that call, because 'cf' references memory belonging to 'skb', which has already been freed. The fix reorders the affected lines of code so that this memory is no longer accessed after it has been freed.
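The ordering problem described in the summary, as an added user-space model (not the kernel driver's source). All `*_model` names, `rx_buggy_order`, `rx_fixed_order`, `account_one_frame` and the byte-count statistic are assumptions made for illustration; the free is modelled by writing the slab poison byte so the stale read is deterministic.

```c
/* User-space model, constructed for illustration; not the kernel driver source. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b /* pattern kernel slab debugging writes into freed objects */

struct can_frame_model { uint32_t can_id; uint8_t can_dlc; uint8_t data[8]; };
struct skb_model { struct can_frame_model cf; };  /* cf lives inside skb memory */
struct stats_model { unsigned long rx_bytes; };   /* assumed consumer of cf fields */

/* Stand-in for peak_usb_netif_rx_ni(skb): ownership passes to the network stack,
 * which may free the buffer at once. Modelled here by poisoning the memory. */
static void rx_handoff_model(struct skb_model *skb)
{
    memset(&skb->cf, POISON_FREE, sizeof(skb->cf));
}

/* Vulnerable ordering: cf is dereferenced after the handoff. */
static void rx_buggy_order(struct skb_model *skb, struct stats_model *st)
{
    struct can_frame_model *cf = &skb->cf;
    rx_handoff_model(skb);
    st->rx_bytes += cf->can_dlc;   /* stale read: the skb is no longer ours */
}

/* Reordered: everything needed from cf is read before the handoff. */
static void rx_fixed_order(struct skb_model *skb, struct stats_model *st)
{
    struct can_frame_model *cf = &skb->cf;
    st->rx_bytes += cf->can_dlc;
    rx_handoff_model(skb);         /* skb and cf must not be touched after this */
}

/* Run one constructed 8-byte frame through the chosen ordering. */
static unsigned long account_one_frame(int fixed)
{
    struct skb_model skb = { { 0x123, 8, {0} } };
    struct stats_model st = { 0 };
    if (fixed) rx_fixed_order(&skb, &st); else rx_buggy_order(&skb, &st);
    return st.rx_bytes;
}

int main(void)
{
    printf("buggy=%lu fixed=%lu\n", account_one_frame(0), account_one_frame(1));
    return 0;
}
```

In a real kernel the stale read returns whatever now occupies the freed memory; KASAN reports it as a use-after-free at the dereference.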

Affected Version(s)

Linux 0a25e1f4f18566b750ebd3ae995af64e23111e63 < 5408824636fa0dfedb9ecb0d94abd573131bfbbe

Linux 0a25e1f4f18566b750ebd3ae995af64e23111e63

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
