Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-46966

UNKNOWN
Published 2024-02-27T18:47:03.631Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-46966. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: custom_method: fix potential use-after-free issue

In cm_write(), buf is always freed when reaching the end of the
function. If the requested count is less than table.length, the
allocated buffer will be freed but subsequent calls to cm_write() will
still try to access it.

Remove the unconditional kfree(buf) at the end of the function and
set the buf to NULL in the -EINVAL error path to match the rest of
function.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

4bda2b79a9d04c8ba31681c66e95877dbb433416 5c12dadcbef8cd55ef1f5dac799bfcbb7ea7db1d 35b88a10535edcf62d3e6b7893a8cd506ff98a24 e4467fb6ef547aa352dc03397f9474ec84eced5b 03d1571d9513369c17e6848476763ebbd10ec2cb 03d1571d9513369c17e6848476763ebbd10ec2cb 03d1571d9513369c17e6848476763ebbd10ec2cb 03d1571d9513369c17e6848476763ebbd10ec2cb 03d1571d9513369c17e6848476763ebbd10ec2cb 70424999fbf1f160ade111cb9baab51776e0f9c2 06cd4a06eb596a888239fb8ceb6ea15677cab396
Linux

Linux

Affected Versions:

5.4 0 4.4.269 4.9.269 4.14.233 4.19.191 5.4.118 5.10.36 5.11.20 5.12.3 5.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8f8j-69c8-v223

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-46966
WEB https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394
WEB https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203
WEB https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b
WEB https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be
WEB https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23
WEB https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17
WEB https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234
WEB https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa
WEB https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b

Advisory provided by GitHub Security Advisory Database. Published: February 27, 2024, Modified: December 6, 2024

References

https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394
https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be
https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23
https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17
https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b
https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203
https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b
https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234
https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa
Published: 2024-02-27T18:47:03.631Z
Last Modified: 2025-05-04T12:40:40.314Z
Copied to clipboard!