发布于3月6日3月6日 Members Ubuntu: (CVE-2021-47232): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/21/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 References https://attackerkb.com/topics/cve-2021-47232 CVE - 2021-47232 https://git.kernel.org/linus/2030043e616cab40f510299f09b636285e0a3678 https://git.kernel.org/stable/c/1071065eeb33d32b7d98c2ce7591881ae7381705 https://git.kernel.org/stable/c/2030043e616cab40f510299f09b636285e0a3678 https://git.kernel.org/stable/c/22cba878abf646cd3a02ee7c8c2cef7afe66a256 https://git.kernel.org/stable/c/509ab6bfdd0c76daebbad0f0af07da712116de22 https://www.cve.org/CVERecord?id=CVE-2021-47232 View more
