CVE-2021-47013 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus Rhev Hypervisor

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:3627	2024-06-05T00:00:00Z
kernel-0:4.18.0-553.5.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:3618	2024-06-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.105.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:3462	2024-05-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.58.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:3810	2024-06-11T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.105.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:3462	2024-05-29T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834
https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d
https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57
https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7
https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d
https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955
https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322
https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b
https://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47013-034a@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2021-47013
https://www.cve.org/CVERecord?id=CVE-2021-47013

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47013", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.953Z", "datePublished": "2024-02-28T08:13:30.905Z", "dateUpdated": "2025-05-04T07:02:18.890Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:02:18.890Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).\n\nAs i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,\nthus my patch assigns skb->len to 'len' before the possible free and\nuse 'len' instead of skb->len later."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/qualcomm/emac/emac-mac.c"], "versions": [{"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "c7f75d11fe72913d2619f97b2334b083cd7bb955", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "dc1b438a35773d030be0ee80d9c635c3e558a322", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "16d8c44be52e3650917736d45f5904384a9da834", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "55fcdd1258faaecca74b91b88cc0921f9edd775d", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "9dc373f74097edd0e35f3393d6248eda8d1ba99d", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "8c06f34785068b87e2b560534c77c163d6c6dca7", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "e407495ba6788a67d1bd41714158c079e340879b", "status": "affected", "versionType": "git"}, {"version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "6d72e7c767acbbdd44ebc7d89c6690b405b32b57", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/qualcomm/emac/emac-mac.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.269", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.233", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.191", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.119", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.9.269"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.14.233"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.19.191"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.4.119"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.10.37"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.11.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.12.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"}, {"url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"}, {"url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"}, {"url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"}, {"url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"}, {"url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"}, {"url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"}, {"url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"}], "title": "net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T19:56:27.719807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:43.156Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.713Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2021-47013 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-02-27T18:42:55.953Z (string)

datePublished : 2024-02-28T08:13:30.905Z (string)

dateUpdated : 2025-05-04T07:02:18.890Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T07:02:18.890Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/ethernet/qualcomm/emac/emac-mac.c (string)

]

versions : [ »

0 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 16d8c44be52e3650917736d45f5904384a9da834 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : e407495ba6788a67d1bd41714158c079e340879b (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/ethernet/qualcomm/emac/emac-mac.c (string)

]

versions : [ »

0 : { »

version : 4.9 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 4.9 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.9.269 (string)

lessThanOrEqual : 4.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 4.14.233 (string)

lessThanOrEqual : 4.14.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 4.19.191 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.4.119 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 5.10.37 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 5.11.21 (string)

lessThanOrEqual : 5.11.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 5.12.4 (string)

lessThanOrEqual : 5.12.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 5.13 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 4.9.269 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 4.14.233 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 4.19.191 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 5.4.119 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 5.10.37 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 5.11.21 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 5.12.4 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.9 (string)

versionEndExcluding : 5.13 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

}

4 : { »

url : https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

}

5 : { »

url : https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b (string)

}

7 : { »

url : https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

}

]

title : net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47013 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-02-28T19:56:27.719807Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:13:43.156Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:24:39.713Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.713Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T19:56:27.719807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.723Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "c7f75d11fe72913d2619f97b2334b083cd7bb955", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "dc1b438a35773d030be0ee80d9c635c3e558a322", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "16d8c44be52e3650917736d45f5904384a9da834", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "55fcdd1258faaecca74b91b88cc0921f9edd775d", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "9dc373f74097edd0e35f3393d6248eda8d1ba99d", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "8c06f34785068b87e2b560534c77c163d6c6dca7", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "e407495ba6788a67d1bd41714158c079e340879b", "versionType": "git"}, {"status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "lessThan": "6d72e7c767acbbdd44ebc7d89c6690b405b32b57", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/qualcomm/emac/emac-mac.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.9"}, {"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.269", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.233", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.191", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.119", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/qualcomm/emac/emac-mac.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"}, {"url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"}, {"url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"}, {"url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"}, {"url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"}, {"url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"}, {"url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"}, {"url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).\n\nAs i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,\nthus my patch assigns skb->len to 'len' before the possible free and\nuse 'len' instead of skb->len later."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.269", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.233", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.191", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.119", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.37", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.21", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.4", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "4.9"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:02:18.890Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47013", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:02:18.890Z", "dateReserved": "2024-02-27T18:42:55.953Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:30.905Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T05:24:39.713Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-47013 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-02-28T19:56:27.719807Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T19:01:13.723Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 16d8c44be52e3650917736d45f5904384a9da834 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : e407495ba6788a67d1bd41714158c079e340879b (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : b9b17debc69d27cd55e21ee51a5ba7fc50a426cf (string)

lessThan : 6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : drivers/net/ethernet/qualcomm/emac/emac-mac.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.9 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 4.9 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.9.269 (string)

versionType : semver (string)

lessThanOrEqual : 4.9.* (string)

}

3 : { »

status : unaffected (string)

version : 4.14.233 (string)

versionType : semver (string)

lessThanOrEqual : 4.14.* (string)

}

4 : { »

status : unaffected (string)

version : 4.19.191 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

5 : { »

status : unaffected (string)

version : 5.4.119 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

6 : { »

status : unaffected (string)

version : 5.10.37 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

7 : { »

status : unaffected (string)

version : 5.11.21 (string)

versionType : semver (string)

lessThanOrEqual : 5.11.* (string)

}

8 : { »

status : unaffected (string)

version : 5.12.4 (string)

versionType : semver (string)

lessThanOrEqual : 5.12.* (string)

}

9 : { »

status : unaffected (string)

version : 5.13 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : drivers/net/ethernet/qualcomm/emac/emac-mac.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

}

4 : { »

url : https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

}

5 : { »

url : https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b (string)

}

7 : { »

url : https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.9.269 (string)

versionStartIncluding : 4.9 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.14.233 (string)

versionStartIncluding : 4.9 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.191 (string)

versionStartIncluding : 4.9 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.119 (string)

versionStartIncluding : 4.9 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.37 (string)

versionStartIncluding : 4.9 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.11.21 (string)

versionStartIncluding : 4.9 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.12.4 (string)

versionStartIncluding : 4.9 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.13 (string)

versionStartIncluding : 4.9 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T07:02:18.890Z (string)

}

cveMetadata : { »

cveId : CVE-2021-47013 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T07:02:18.890Z (string)

dateReserved : 2024-02-27T18:42:55.953Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-02-28T08:13:30.905Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5330E43C-47EE-40CA-B1A9-C1AAC143732E", "versionEndExcluding": "4.9.269", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4836AF17-022D-49D0-9A8A-AF66FE8DCEB8", "versionEndExcluding": "4.14.233", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B6E6817-19A8-4C0A-8807-71DA48CF9191", "versionEndExcluding": "4.19.191", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07BA880-1043-4674-AC45-266B3B4A44C7", "versionEndExcluding": "5.4.119", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E", "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).\n\nAs i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,\nthus my patch assigns skb->len to 'len' before the possible free and\nuse 'len' instead of skb->len later."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:emac/emac-mac: Se corrige un uso after free en emac_mac_tx_buf_send En emac_mac_tx_buf_send, llama a emac_tx_fill_tpd(..,skb,..). Si ocurre alg\u00fan error en emac_tx_fill_tpd(), el skb se liberar\u00e1 mediante dev_kfree_skb(skb) en la rama de error de emac_tx_fill_tpd(). Pero el skb liberado todav\u00eda se usa a trav\u00e9s de skb-&gt;len por netdev_sent_queue(,skb-&gt;len). Como observ\u00e9 que emac_tx_fill_tpd() no ha modificado el valor de skb-&gt;len, por lo tanto mi parche asigna skb-&gt;len a 'len' antes del posible free y usa 'len' en lugar de skb-&gt;len m\u00e1s tarde."}], "id": "CVE-2021-47013", "lastModified": "2024-12-09T17:59:07.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-28T09:15:38.800", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5330E43C-47EE-40CA-B1A9-C1AAC143732E (string)

versionEndExcluding : 4.9.269 (string)

versionStartIncluding : 4.9 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4836AF17-022D-49D0-9A8A-AF66FE8DCEB8 (string)

versionEndExcluding : 4.14.233 (string)

versionStartIncluding : 4.10 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5B6E6817-19A8-4C0A-8807-71DA48CF9191 (string)

versionEndExcluding : 4.19.191 (string)

versionStartIncluding : 4.15 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E07BA880-1043-4674-AC45-266B3B4A44C7 (string)

versionEndExcluding : 5.4.119 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E (string)

versionEndExcluding : 5.10.37 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8CBB94EC-EC33-4464-99C5-03E5542715F0 (string)

versionEndExcluding : 5.11.21 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D8C7052F-1B7B-4327-9C2B-84EBF3243838 (string)

versionEndExcluding : 5.12.4 (string)

versionStartIncluding : 5.12 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:emac/emac-mac: Se corrige un uso after free en emac_mac_tx_buf_send En emac_mac_tx_buf_send, llama a emac_tx_fill_tpd(..,skb,..). Si ocurre algún error en emac_tx_fill_tpd(), el skb se liberará mediante dev_kfree_skb(skb) en la rama de error de emac_tx_fill_tpd(). Pero el skb liberado todavía se usa a través de skb->len por netdev_sent_queue(,skb->len). Como observé que emac_tx_fill_tpd() no ha modificado el valor de skb->len, por lo tanto mi parche asigna skb->len a 'len' antes del posible free y usa 'len' en lugar de skb->len más tarde. (string)

}

]

id : CVE-2021-47013 (string)

lastModified : 2024-12-09T17:59:07.173 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-02-28T09:15:38.800 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3462", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.105.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3810", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.58.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:3462", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.105.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-05-29T00:00:00Z"}], "bugzilla": {"description": "kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send", "id": "2266841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266841"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).\nAs i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,\nthus my patch assigns skb->len to 'len' before the possible free and\nuse 'len' instead of skb->len later.", "A use-after-free flaw was found in the Linux kernel\u2019s Qualcomm Gigabit Ethernet Media Access Controller (EMAC) driver in how a user triggers an error path in the emac_tx_fill_tpd function. This flaw allows a local user to crash or potentially escalate their privileges on the system."], "name": "CVE-2021-47013", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47013\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47013\nhttps://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47013-034a@gregkh/T/#u"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:3627 (string)

cpe : cpe:/a:redhat:enterprise_linux:8::nfv (string)

package : kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2024-06-05T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:3618 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : kernel-0:4.18.0-553.5.1.el8_10 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2024-06-05T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2024:3462 (string)

cpe : cpe:/o:redhat:rhel_eus:8.6 (string)

package : kernel-0:4.18.0-372.105.1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2024-05-29T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2024:3810 (string)

cpe : cpe:/o:redhat:rhel_eus:8.8 (string)

package : kernel-0:4.18.0-477.58.1.el8_8 (string)

product_name : Red Hat Enterprise Linux 8.8 Extended Update Support (string)

release_date : 2024-06-11T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2024:3462 (string)

cpe : cpe:/o:redhat:rhev_hypervisor:4.4::el8 (string)

package : kernel-0:4.18.0-372.105.1.el8_6 (string)

product_name : Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 (string)

release_date : 2024-05-29T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (string)

id : 2266841 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2266841 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.0 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-416 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later. (string)

1 : A use-after-free flaw was found in the Linux kernel’s Qualcomm Gigabit Ethernet Media Access Controller (EMAC) driver in how a user triggers an error path in the emac_tx_fill_tpd function. This flaw allows a local user to crash or potentially escalate their privileges on the system. (string)

]

name : CVE-2021-47013 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-02-28T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2021-47013 https://nvd.nist.gov/vuln/detail/CVE-2021-47013 https://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47013-034a@gregkh/T/#u (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object