CVE-2021-47670: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-47670) was discovered in the Linux kernel's CAN (Controller Area Network) peakusb driver. The vulnerability was disclosed on April 17, 2025, affecting Linux kernel versions from 4.0 to 5.10.11. The issue occurs in the peakusb driver where after calling peakusbnetifrxni(skb), dereferencing skb becomes unsafe, particularly when the can_frame cf which aliases skb memory is accessed after the function call (NVD, Debian Tracker).

The vulnerability is classified as a Use After Free (CWE-416) issue. According to the CVSS 3.1 scoring system, it received a base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity and no user interaction needed (NVD).

The vulnerability could potentially lead to high impacts on confidentiality, integrity, and availability of the affected systems, as indicated by the CVSS scoring. The issue affects multiple Linux distributions including Ubuntu 20.04 LTS focal and various other versions (Ubuntu).

The issue has been fixed through patches in various Linux kernel versions. Debian has released fixes in versions 5.10.223-1 for bullseye, 6.1.129-1 for bookworm, and 6.12.22-1 for trixie. Ubuntu has marked the vulnerability as 'work in progress' for certain versions including 20.04 LTS focal (Debian Tracker, Ubuntu).