UBUNTU-CVE-2021-4454

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2021-4454

Published: 27 Mar 2025, 17:15

Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Mar 2025, 17:15

Published

Vulnerability first disclosed

03 Jun 2026, 13:34

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate The conclusion "j1939_session_deactivate() should be called with a session ref-count of at least 2" is incorrect. In some concurrent scenarios, j1939_session_deactivate can be called with the session ref-count less than 2. But there is not any problem because it will check the session active state before session putting in j1939_session_deactivate_locked(). Here is the concurrent scenario of the problem reported by syzbot and my reproduction log. cpu0 cpu1 j1939_xtp_rx_eoma j1939_xtp_rx_abort_one j1939_session_get_by_addr [kref == 2] j1939_session_get_by_addr [kref == 3] j1939_session_deactivate [kref == 2] j1939_session_put [kref == 1] j1939_session_completed j1939_session_deactivate WARN_ON_ONCE(kref < 2) ===================================================== WARNING: CPU: 1 PID: 21 at net/can/j1939/transport.c:1088 j1939_session_deactivate+0x5f/0x70 CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 5.14.0-rc7+ #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014 RIP: 0010:j1939_session_deactivate+0x5f/0x70 Call Trace: j1939_session_deactivate_activate_next+0x11/0x28 j1939_xtp_rx_eoma+0x12a/0x180 j1939_tp_recv+0x4a2/0x510 j1939_can_recv+0x226/0x380 can_rcv_filter+0xf8/0x220 can_receive+0x102/0x220 ? process_backlog+0xf0/0x2c0 can_rcv+0x53/0xf0 __netif_receive_skb_one_core+0x67/0x90 ? process_backlog+0x97/0x2c0 __netif_receive_skb+0x22/0x80

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

ubuntu•linux
< 5.4.0-149.166 | < 5.15.0-72.79
ubuntu•linux-allwinner-5.19
all
ubuntu•linux-aws
< 5.4.0-1102.110 | < 5.15.0-1036.40
ubuntu•linux-aws-5.0
all
ubuntu•linux-aws-5.11
all
ubuntu•linux-aws-5.13
all
ubuntu•linux-aws-5.15
< 5.15.0-1036.40~20.04.1
ubuntu•linux-aws-5.19
all
ubuntu•linux-aws-5.3
all
ubuntu•linux-aws-5.4
< 5.4.0-1103.111~18.04.1
ubuntu•linux-aws-5.8
all
ubuntu•linux-aws-6.2
all
ubuntu•linux-aws-6.5
all
ubuntu•linux-aws-fips
< 5.4.0-1102.110+fips1
ubuntu•linux-azure
all | < 5.4.0-1108.114 | < 5.15.0-1038.45
ubuntu•linux-azure-5.11
all
ubuntu•linux-azure-5.13
all
ubuntu•linux-azure-5.15
< 5.15.0-1038.45~20.04.1
ubuntu•linux-azure-5.19
all
ubuntu•linux-azure-5.3
all
ubuntu•linux-azure-5.4
< 5.4.0-1108.114~18.04.1
ubuntu•linux-azure-5.8
all
ubuntu•linux-azure-6.2
all
ubuntu•linux-azure-6.5
all
ubuntu•linux-azure-edge
all
ubuntu•linux-azure-fde
all | all
ubuntu•linux-azure-fde-5.19
all
ubuntu•linux-azure-fde-6.2
all
ubuntu•linux-azure-fips
< 5.4.0-1108.114+fips1
ubuntu•linux-bluefield
< 5.15.0-1017.19 | < 5.4.0-1064.70 | < 5.15.0-1017.19 | all
ubuntu•linux-fips
< 5.4.0-1077.86
ubuntu•linux-gcp
all | < 5.4.0-1105.114 | < 5.15.0-1034.42
ubuntu•linux-gcp-5.11
all
ubuntu•linux-gcp-5.13
all
ubuntu•linux-gcp-5.15
< 5.15.0-1034.42~20.04.1
ubuntu•linux-gcp-5.19
all
ubuntu•linux-gcp-5.3
all
ubuntu•linux-gcp-5.4
< 5.4.0-1105.114~18.04.1
ubuntu•linux-gcp-5.8
all
ubuntu•linux-gcp-6.2
all
ubuntu•linux-gcp-6.5
all
ubuntu•linux-gcp-fips
< 5.4.0-1105.114+fips1
ubuntu•linux-gke
all | < 5.15.0-1033.38
ubuntu•linux-gke-4.15
all
ubuntu•linux-gke-5.15
all
ubuntu•linux-gke-5.4
all
ubuntu•linux-gkeop
all | < 5.15.0-1020.25
ubuntu•linux-gkeop-5.15
all
ubuntu•linux-gkeop-5.4
all
ubuntu•linux-hwe
all

Showing first 50 affected entries in server-rendered view.