CVE-2021-47311 : In the Linux kernel, the following vulnerability has been resolved: net: qcom/e

In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.

Published 2024-05-21 14:35:29

Updated 2024-12-26 19:50:44

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47311

Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.53
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.9 and before (<) 4.9.277
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.135
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.241
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.13.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 4.19.199
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.14 Update RC1
cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47311

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47311

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-12-26
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-47311

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47311

https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7

net: qcom/emac: fix UAF in emac_remove - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47311

Products affected by CVE-2021-47311

Exploit prediction scoring system (EPSS) score for CVE-2021-47311

CVSS scores for CVE-2021-47311

CWE ids for CVE-2021-47311

References for CVE-2021-47311