In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Eus
  • Rhev Hypervisor

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:3627 2024-06-05T00:00:00Z
kernel-0:4.18.0-553.5.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:3618 2024-06-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.105.1.el8_6 cpe:/o:redhat:rhel_eus:8.6 RHSA-2024:3462 2024-05-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.58.1.el8_8 cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:3810 2024-06-11T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.105.1.el8_6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2024:3462 2024-05-29T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 cve-icon cve-icon
https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d cve-icon cve-icon
https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 cve-icon cve-icon
https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 cve-icon cve-icon
https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d cve-icon cve-icon
https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 cve-icon cve-icon
https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 cve-icon cve-icon
https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47013-034a@gregkh/T/#u cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-47013 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-47013 cve-icon
History

Mon, 04 Nov 2024 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:30.905Z

Updated: 2024-11-04T11:57:43.263Z

Reserved: 2024-02-27T18:42:55.953Z

Link: CVE-2021-47013

cve-icon Vulnrichment

Updated: 2024-08-04T05:24:39.713Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-28T09:15:38.800

Modified: 2024-11-21T06:35:11.433

Link: CVE-2021-47013

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2021-47013 - Bugzilla