Vulnerability Details : CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-45868
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Threat overview for CVE-2021-45868
Top countries where our scanners detected CVE-2021-45868
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2021-45868 957,713
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2021-45868!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2021-45868
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-45868
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2021-45868
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-45868
-
https://bugzilla.kernel.org/show_bug.cgi?id=214655
214655 – BUG: unable to handle kernel paging request in __dquot_free_spaceExploit;Issue Tracking;Vendor Advisory
-
https://www.openwall.com/lists/oss-security/2022/03/17/2
oss-security - Re: Linux Kernel 5.15-rc-ksmbd-part2 is affected by: Buffer Overflow. The impact is: use-after-free (local).Exploit;Mailing List;Patch;Third Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.3
Mailing List;Release Notes;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20220419-0003/
February 2022 Linux Kernel 5.15.2 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bf3d20331295b1ecb81f4ed9ef358c51699a050
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Vendor Advisory
-
https://www.openwall.com/lists/oss-security/2022/03/17/1
oss-security - Linux Kernel 5.15-rc-ksmbd-part2 is affected by: Buffer Overflow. The impact is: use-after-free (local).Exploit;Mailing List;Patch;Third Party Advisory
Jump to