ghsa-8f8j-69c8-v223
Vulnerability from github
Published
2024-02-27 21:31
Modified
2024-02-27 21:31
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: custom_method: fix potential use-after-free issue

In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it.

Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-46966"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:07Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: custom_method: fix potential use-after-free issue\n\nIn cm_write(), buf is always freed when reaching the end of the\nfunction.  If the requested count is less than table.length, the\nallocated buffer will be freed but subsequent calls to cm_write() will\nstill try to access it.\n\nRemove the unconditional kfree(buf) at the end of the function and\nset the buf to NULL in the -EINVAL error path to match the rest of\nfunction.",
  "id": "GHSA-8f8j-69c8-v223",
  "modified": "2024-02-27T21:31:27Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.