1. Home
  2. Vulnerabilities
  3. CVE-2021-47521

CVE-2021-47521

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 8
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

can: sja1000: fix use after free in ems_pcmcia_add_card()

If the last channel is not available then "dev" is freed. Fortunately,
we can just use "pdev->irq" instead.

Also we should check if at least one channel was set up.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
kernel.org
Published Date
2024-05-24 15:15:14
(3 months ago)
Updated Date
2024-06-10 18:41:35
(3 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.2 version and prior 4.4.295 version cpe:2.3:o:linux:linux_kernel >= 3.2 < 4.4.295
  Linux Kernel from 4.5 version and prior 4.9.293 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.293
  Linux Kernel from 4.10 version and prior 4.14.258 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.258
  Linux Kernel from 4.15 version and prior 4.19.221 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.221
  Linux Kernel from 4.20 version and prior 5.4.165 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.165
  Linux Kernel from 5.5 version and prior 5.10.85 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.85
  Linux Kernel from 5.11 version and prior 5.15.8 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.15.8