CVE-2021-47670

In the Linux kernel, the following vulnerability has been resolved:

can: peak_usb: fix use after free bugs

After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().

Reordering the lines solves the issue.

Published: Apr 17, 2025
Updated: Apr 30, 2025
CVE: CVE-2021-47670
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.11-rc3	5.11-rc3.x
linux / linux_kernel	5.11-rc2	5.11-rc2.x
linux / linux_kernel	5.11-rc1	5.11-rc1.x
linux / linux_kernel	5.11-rc4	5.11-rc4.x
linux / linux_kernel	4.20	5.4.93
linux / linux_kernel	5.5	5.10.11
linux / linux_kernel	4.0	4.19.171

https://git.kernel.org/stable/c/50aca891d7a554db0901b245167cd653d73aaa71
https://git.kernel.org/stable/c/5408824636fa0dfedb9ecb0d94abd573131bfbbe
https://git.kernel.org/stable/c/ddd1416f44130377798c1430b76503513b7497c2
https://git.kernel.org/stable/c/ec939c13c3fff2114479769c8380b7f1a54feca9

Vulnerability Database

CVE-2021-47670

Deep Security Visibility Without the Complexity