Vulnerability identifier: #VU91053
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47520
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the pch_can_rx_normal() function in drivers/net/can/pch_can.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d
https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76
https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3
https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa
https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4
https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e
https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7
https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.