CVE-2021-46973

HIGH

Published 2024-02-27T18:47:07.880Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-46973. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

8.4

/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.035

Higher than 3.5% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: Avoid potential use after free in MHI send

It is possible that the MHI ul_callback will be invoked immediately
following the queueing of the skb for transmission, leading to the
callback decrementing the refcount of the associated sk and freeing the
skb.

As such the dereference of skb and the increment of the sk refcount must
happen before the skb is queued, to avoid the skb to be used after free
and potentially the sk to drop its last refcount..

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

6e728f321393b1fce9e1c2c3e55f9f7c15991321 6e728f321393b1fce9e1c2c3e55f9f7c15991321 6e728f321393b1fce9e1c2c3e55f9f7c15991321 6e728f321393b1fce9e1c2c3e55f9f7c15991321

Linux

Affected Versions:

5.8 0 5.10.35 5.11.19 5.12.2 5.13

linux

linux_kernel

Affected Versions:

6e728f321393 6e728f321393 6e728f321393 6e728f321393 5.8 0 5.10.35 5.11.19 5.12.2 5.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-pwwc-8qxc-5w7f

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb. As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop its last refcount..

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-46973

WEB https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40

WEB https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a

WEB https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80

WEB https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0

Advisory provided by GitHub Security Advisory Database. Published: February 27, 2024, Modified: August 1, 2024

References

https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80

https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0

https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40

https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a

Published: 2024-02-27T18:47:07.880Z

Last Modified: 2025-05-04T07:01:28.129Z

Copied to clipboard!

CVE-2021-46973

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

linux_kernel

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!