{"id":"CVE-2021-46966","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: custom_method: fix potential use-after-free issue\n\nIn cm_write(), buf is always freed when reaching the end of the\nfunction.  If the requested count is less than table.length, the\nallocated buffer will be freed but subsequent calls to cm_write() will\nstill try to access it.\n\nRemove the unconditional kfree(buf) at the end of the function and\nset the buf to NULL in the -EINVAL error path to match the rest of\nfunction.","modified":"2026-03-13T05:20:26.619008Z","published":"2024-02-27T19:04:07.127Z","related":["SUSE-SU-2024:0856-1","SUSE-SU-2024:0857-1","SUSE-SU-2024:0926-1","SUSE-SU-2024:1643-1","SUSE-SU-2024:1646-1","SUSE-SU-2024:1870-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be"},{"type":"FIX","url":"https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17"},{"type":"FIX","url":"https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b"},{"type":"FIX","url":"https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394"},{"type":"FIX","url":"https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203"},{"type":"FIX","url":"https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b"},{"type":"FIX","url":"https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23"},{"type":"FIX","url":"https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234"},{"type":"FIX","url":"https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46966.json","unresolved_ranges":[{"events":[{"introduced":"4.4.195"},{"fixed":"4.4.269"}]},{"events":[{"introduced":"4.9.195"},{"fixed":"4.9.269"}]},{"events":[{"introduced":"4.14.147"},{"fixed":"4.14.233"}]},{"events":[{"introduced":"4.19.77"},{"fixed":"4.19.191"}]},{"events":[{"introduced":"5.4"},{"fixed":"5.4.118"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.36"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.11.20"}]},{"events":[{"introduced":"5.12"},{"fixed":"5.12.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}