CVE-2021-46973: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-46973 is a use-after-free vulnerability discovered in the Linux kernel's QRTR (Qualcomm IPC Router) MHI transport layer. The vulnerability was disclosed in February 2024 and affects the net/qrtr subsystem. The issue occurs when the MHI ul_callback is invoked immediately following the queueing of an skb for transmission, which can lead to a use-after-free condition (NVD).

The vulnerability stems from a timing issue in the MHI send functionality where the MHI ul_callback could be invoked immediately after queueing the skb for transmission. This would cause the callback to decrement the refcount of the associated sk and free the skb prematurely. The technical issue involves the dereference of skb and the increment of the sk refcount occurring after the skb is queued, potentially leading to a use-after-free condition and the sk dropping its last refcount. The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (HIGH) by CISA-ADP with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to a use-after-free condition in the Linux kernel's QRTR subsystem, potentially resulting in system crashes or memory corruption. This could affect the availability of the system and potentially lead to privilege escalation or system compromise (NVD).

The vulnerability has been patched in the Linux kernel through a fix that ensures the dereference of skb and increment of sk refcount happens before the skb is queued for transmission. The fix involves moving the sock_hold() call earlier in the code execution path (Kernel Patch).