CVE-2021-46991

Summary

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix use-after-free in i40e_client_subtask()

Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return.

Addresses-Coverity: ("Read from pointer after free")

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7b0b1a6d0ac983ce1928432285d0222d4fb7c38b < c1322eaeb8af0d8985b5cc5fa759140fa0e57b84affected
LinuxLinux7b0b1a6d0ac983ce1928432285d0222d4fb7c38b < d718c15a2bf9ae082d5ae4d177fb19ef23cb4132affected
LinuxLinux7b0b1a6d0ac983ce1928432285d0222d4fb7c38b < 829a713450b8fb127cbabfc1244c1d8179ec5107affected
LinuxLinux7b0b1a6d0ac983ce1928432285d0222d4fb7c38b < 4ebc10aa7cd17fd9857dedac69600465c9dd16d1affected
LinuxLinux7b0b1a6d0ac983ce1928432285d0222d4fb7c38b < 1fd5d262e7442192ac7611ff1597a36c5b044323affected
LinuxLinux7b0b1a6d0ac983ce1928432285d0222d4fb7c38b < 38318f23a7ef86a8b1862e5e8078c4de121960c3affected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux4.19.191 <= 4.19.*unaffected
LinuxLinux5.4.120 <= 5.4.*unaffected
LinuxLinux5.10.38 <= 5.10.*unaffected
LinuxLinux5.11.22 <= 5.11.*unaffected
LinuxLinux5.12.5 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References