CVE-2021-46998
- Source
- https://cve.org/CVERecord?id=CVE-2021-46998
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46998.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-46998
- Downstream
- Related
- Published
- 2024-02-28T09:15:38.090Z
- Modified
- 2026-03-15T22:43:04.875222Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ethernet:enic: Fix a use after free bug in enichardstart_xmit
In enichardstartxmit, it calls enicqueuewqskb(). Inside enicqueuewqskb, if some error happens, the skb will be freed by devkfreeskb(skb). But the freed skb is still used in skbtx_timestamp(skb).
My patch makes enicqueuewqskb() return error and goto spinunlock() incase of error. The solution is provided by Govind. See https://lkml.org/lkml/2021/4/30/961.
- References
-
- https://git.kernel.org/stable/c/25a87b1f566b5eb2af2857a928f0e2310d900976
- https://git.kernel.org/stable/c/643001b47adc844ae33510c4bb93c236667008a3
- https://git.kernel.org/stable/c/6892396ebf04ea2c021d80e10f4075e014cd7cc3
- https://git.kernel.org/stable/c/7afdd6aba95c8a526038e7abe283eeac3e4320f1
- https://git.kernel.org/stable/c/d90529392aaf498dafa95d212295d64b2cea4e24
- https://git.kernel.org/stable/c/f7f6f07774091a6ddd98500b85386c3c6afb30d3
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46998.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "4.16"
},
{
"fixed": "4.19.191"
}
]
},
{
"events": [
{
"introduced": "4.20"
},
{
"fixed": "5.4.120"
}
]
},
{
"events": [
{
"introduced": "5.5"
},
{
"fixed": "5.10.38"
}
]
},
{
"events": [
{
"introduced": "5.11"
},
{
"fixed": "5.11.22"
}
]
},
{
"events": [
{
"introduced": "5.12"
},
{
"fixed": "5.12.5"
}
]
}
]