SB2024053119 - Use-after-free in Linux kernel net ethernet driver
Published: May 31, 2024 Updated: May 14, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2021-47235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ec_bhf_remove() function in drivers/net/ethernet/ec_bhf.c.
Remediation
Install the update from the vendor's website.
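A version check for this remediation step, as an added example that is not part of the bulletin: it assumes the ChangeLog files in the References are the stable releases that carry the fix, and that the driver's module name is ec_bhf (taken from the source file name); the function names are hypothetical. Distribution kernels may backport the fix without changing the upstream version, so a "vulnerable" result on a vendor kernel means checking that vendor's advisory.

```shell
#!/bin/sh
# Added example, not part of the bulletin. Assumption: the ChangeLog files in
# the References name the stable releases that carry the CVE-2021-47235 fix.

# Stable branch -> patch level of the ChangeLog listed for that branch.
fixed_patch_for_branch() {
    case "$1" in
        4.4|4.9) echo 274 ;;
        4.14)    echo 238 ;;
        4.19)    echo 196 ;;
        5.4)     echo 128 ;;
        5.10)    echo 46 ;;
        5.12)    echo 13 ;;
        *)       return 1 ;;
    esac
}

# Prints fixed, vulnerable or unknown for a release such as 4.19.195-generic.
kernel_fix_status() {
    base=${1%%[-+_]*}                      # drop distro/local suffix
    IFS=. read -r major minor patch <<EOF
$base
EOF
    patch=${patch%%.*}                     # ignore a fourth version field
    patch=${patch:-0}                      # "5.13" has no patch level
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 13 ]; }; then
        echo fixed                         # 5.13 and later
    elif fixed=$(fixed_patch_for_branch "$major.$minor"); then
        if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
    else
        echo unknown                       # branch not listed in the bulletin
    fi
}

rel=$(uname -r)
echo "kernel $rel: $(kernel_fix_status "$rel") by upstream version"
# Module name ec_bhf is assumed from the source file name ec_bhf.c.
if [ -d /sys/module/ec_bhf ]; then
    echo "ec_bhf driver is loaded"
else
    echo "ec_bhf driver is not loaded"
fi
```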
References
- https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8
- https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6
- https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb
- https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2
- https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a
- https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea
- https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130
- https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128