CVE-2021-46994

can: mcp251x: fix resume from sleep before interface was brought up

Description

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix resume from sleep before interface was brought up Since 8ce8c0abcba3 the driver queues work via priv->restart_work when resuming after suspend, even when the interface was not previously enabled. This causes a null dereference error as the workqueue is only allocated and initialized in mcp251x_open(). To fix this we move the workqueue init to mcp251x_can_probe() as there is no reason to do it later and repeat it whenever mcp251x_open() is called. [mkl: fix error handling in mcp251x_stop()]

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21 patch
https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c patch
https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b patch
https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af patch

Frequently Asked Questions

What is the severity of CVE-2021-46994?
CVE-2021-46994 has been scored as a medium severity vulnerability.
How to fix CVE-2021-46994?
To fix CVE-2021-46994, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-46994 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-46994 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-46994?
CVE-2021-46994 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.