{"id":"CVE-2021-47235","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv-\u003edma_io);\n\tpci_iounmap(dev, priv-\u003eio);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls.","modified":"2026-03-15T22:43:08.961108Z","published":"2024-05-21T15:15:12.777Z","related":["SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2185-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"},{"type":"FIX","url":"https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"},{"type":"FIX","url":"https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"},{"type":"FIX","url":"https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"},{"type":"FIX","url":"https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"},{"type":"FIX","url":"https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"},{"type":"FIX","url":"https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"},{"type":"FIX","url":"https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47235.json","unresolved_ranges":[{"events":[{"introduced":"3.15"},{"fixed":"4.4.274"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.274"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.238"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.196"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.128"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.46"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.12.13"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc6"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}