CVE-2021-47520 is a use-after-free in the Linux kernel's CAN (Controller Area Network) driver, specifically in the `pch_can_rx_normal` function in `drivers/net/can/pch_can.c`. The `skb` (socket buffer) is dereferenced after the call to `netif_receive_skb(skb)`. Because the `can_frame` pointer `cf` aliases the memory of `skb`, accessing `cf` after `netif_receive_skb(skb)` is unsafe.
The vulnerability was introduced in kernel version 2.6.37 with commit b21d18b51b31 and has since been fixed in various kernel versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, and 5.15.8.
The fix involves reordering the lines of code to prevent the use-after-free error. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported in isolation. However, for those who cannot update to the latest release, the individual commits that resolve this issue can be found at the provided Git links.
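The ordering problem and its fix can be reproduced in a small userspace model. This is an added example, not the kernel's code: `struct frame`, `struct buf`, `stack_receive`, `rx_buggy` and `rx_fixed` are hypothetical stand-ins, the single read of `cf->len` is an assumed placeholder for whatever the driver reads through `cf`, and the `0x6b` fill is a constructed poison value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed userspace model; every name here is hypothetical, not kernel code. */
struct frame { uint32_t id; uint8_t len; uint8_t data[8]; }; /* stands in for struct can_frame */
struct buf   { int owned; struct frame payload; };           /* stands in for struct sk_buff */

static struct buf slot; /* one-slot pool, so released memory stays addressable in the model */

static struct buf *buf_alloc(struct frame **cf)
{
    memset(&slot, 0, sizeof slot);
    slot.owned = 1;
    *cf = &slot.payload; /* cf aliases memory that belongs to the buffer */
    return &slot;
}

/* Models netif_receive_skb(): ownership passes on and the buffer may be released at once. */
static void stack_receive(struct buf *b)
{
    memset(&b->payload, 0x6b, sizeof b->payload); /* constructed poison fill */
    b->owned = 0;
}

/* Before the fix: cf is read after the buffer was handed off. */
unsigned rx_buggy(uint8_t len)
{
    struct frame *cf;
    struct buf *b = buf_alloc(&cf);
    cf->len = len;
    stack_receive(b);
    return cf->len; /* reads memory the caller no longer owns */
}

/* After the fix: the same statements, reordered so the read precedes the hand-off. */
unsigned rx_fixed(uint8_t len)
{
    struct frame *cf;
    struct buf *b = buf_alloc(&cf);
    unsigned rx_bytes;
    cf->len = len;
    rx_bytes = cf->len; /* take everything needed from cf first */
    stack_receive(b);   /* cf must not be touched past this point */
    return rx_bytes;
}

int main(void) { printf("buggy=%u fixed=%u\n", rx_buggy(8), rx_fixed(8)); return 0; }
```

In the model the stale read returns the poison byte deterministically; in a real kernel the result depends on what has reused the freed memory.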