CVE-2021-28691 — Use After Free in Linux
Severity: 7.8 HIGH (NVD), 4.2 (OSV)
EPSS: 0.0% (top 91.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 29
Latest update: Mar 15
Description
Guest triggered use-after-free in Linux xen-netback

A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 10 packages
CVEListV5: linux/linux, 2ac061ce97f413bfbbdd768f7d2e0fda2e8170df — 6b53db8c4c14b4e7256f058d202908b54a7b85b4 (+3)
🔴 Vulnerability Details (8)
GHSA
GHSA-97vv-3jqh-r766: In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread. Do this in order to prevent… (2024-03-15)
OSV
CVE-2021-47111: In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread. Do this in order to prevent th… (2024-03-15)
GHSA
GHSA-5gvc-4qph-j93r: Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and term… (2022-05-24)
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.11, linux-kvm, linux-oracle, linux-raspi vulnerabilities (2021-08-18)
📋 Vendor Advisories (7)
Microsoft
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with qu… (2021-06-08)