Description
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: stats->rx_bytes += cf->len; Reordering the lines solves the issue.
Product status
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before 260925a0b7d2da5449f8ecfd02c1405e0c8a45b8
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before bbc6847b9b8978b520f62fbc7c68c54ef0f8d282
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before 92668d28c7e6a7a2ba07df287669ffcdf650c421
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before 08ab951787098ae0b6c0364aeea7a8138226f234
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before ac48ef15826e83f4206c47add61072e8fc76d328
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before 593c072b7b3c4d7044416eb039d9ad706bedd67a
39549eef3587f1c1e8c65c88a2400d10fd30ea17 (git) before 03f16c5075b22c8902d2af739969e878b0879c94
2.6.31
Any version before 2.6.31
4.4.254 (semver)
4.9.254 (semver)
4.14.218 (semver)
4.19.171 (semver)
5.4.93 (semver)
5.10.11 (semver)
5.11 (original_commit_for_fix)
References
git.kernel.org/...c/260925a0b7d2da5449f8ecfd02c1405e0c8a45b8
git.kernel.org/...c/bbc6847b9b8978b520f62fbc7c68c54ef0f8d282
git.kernel.org/...c/92668d28c7e6a7a2ba07df287669ffcdf650c421
git.kernel.org/...c/08ab951787098ae0b6c0364aeea7a8138226f234
git.kernel.org/...c/ac48ef15826e83f4206c47add61072e8fc76d328
git.kernel.org/...c/593c072b7b3c4d7044416eb039d9ad706bedd67a
git.kernel.org/...c/03f16c5075b22c8902d2af739969e878b0879c94