CVE-2021-46966

ACPI: custom_method: fix potential use-after-free issue

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394 patch
https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be patch
https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23 patch
https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17 patch
https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b patch
https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203 patch
https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b patch
https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234 patch
https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa patch

Frequently Asked Questions

What is the severity of CVE-2021-46966?
CVE-2021-46966 has been scored as a high severity vulnerability.
How to fix CVE-2021-46966?
To fix CVE-2021-46966, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-46966 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-46966 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-46966?
CVE-2021-46966 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.