CVE-2021-47017

ath10k: Fix a use after free in ath10k_htc_send_bundle

Description

In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed by dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later by bundle_skb->len. As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to skb_len after the bundle_skb was freed.

References

Link	Tags
https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65	patch
https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b	patch
https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676	patch
https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3	patch

Frequently Asked Questions

What is the severity of CVE-2021-47017?: CVE-2021-47017 has been scored as a high severity vulnerability.
How to fix CVE-2021-47017?: To fix CVE-2021-47017, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47017 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-47017 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47017?: CVE-2021-47017 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions