CVE-2021-47521

can: sja1000: fix use after free in ems_pcmcia_add_card()

Description

In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up.

References

Link	Tags
https://git.kernel.org/stable/c/cbd86110546f7f730a1f5d7de56c944a336c15c4	patch
https://git.kernel.org/stable/c/1dd5b819f7e406dc15bbc7670596ff25261aaa2a	patch
https://git.kernel.org/stable/c/c8718026ba287168ff9ad0ccc4f9a413062cba36	patch
https://git.kernel.org/stable/c/ccf070183e4655824936c0f96c4a2bcca93419aa	patch
https://git.kernel.org/stable/c/1a295fea90e1acbe80c6d4940f5ff856edcd6bec	patch
https://git.kernel.org/stable/c/923f4dc5df679f678e121c20bf2fd70f7bf3e288	patch
https://git.kernel.org/stable/c/474f9a8534f5f89841240a7e978bafd6e1e039ce	patch
https://git.kernel.org/stable/c/3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45	patch

Frequently Asked Questions

What is the severity of CVE-2021-47521?: CVE-2021-47521 has been scored as a high severity vulnerability.
How to fix CVE-2021-47521?: To fix CVE-2021-47521, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47521 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-47521 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47521?: CVE-2021-47521 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions