Unrated severityNVD Advisory· Published Feb 27, 2024· Updated May 4, 2025

ACPI: custom_method: fix potential use-after-free issue

CVE-2021-46966

Description

In the Linux kernel, the following vulnerability has been resolved:

In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it.

Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.

Affected products

osv-coords89 versions
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_46&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2 pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_42&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_56&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 5.3.18-150300.59.153.2+ 88 more
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-16.182.1
- (no CPE)range: < 4.12.14-16.182.1
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150200.24.183.1.150200.9.93.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150200.24.183.1.150200.9.93.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150200.24.183.1.150200.9.93.2
- (no CPE)range: < 5.3.18-150300.59.153.2.150300.18.90.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 1-150200.5.3.2
- (no CPE)range: < 1-150300.7.3.2
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-10.182.1
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 4.12.14-10.182.1
- (no CPE)range: < 4.12.14-16.182.1
- (no CPE)range: < 4.12.14-16.182.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 5.3.18-150300.161.1
- (no CPE)range: < 4.12.14-10.182.1
- (no CPE)range: < 4.12.14-16.182.1
- (no CPE)range: < 4.12.14-16.182.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 4.12.14-122.216.1
- (no CPE)range: < 5.3.18-150200.24.183.1
- (no CPE)range: < 5.3.18-150300.59.153.1
- (no CPE)range: < 4.12.14-10.182.1
- (no CPE)range: < 5.3.18-150300.59.153.2
- (no CPE)range: < 1-8.3.1
Linux/Linuxcpe-rescue
Range: 5.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000