CVE-2021-47306

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: fddi: fix UAF in fza_probe

fp is netdev private data and it cannot be used after free_netdev() call. Using fp after free_netdev() can cause UAF bug. Fix it by moving free_netdev() after error message.

TURBOchannel adapter")

Affected Software

VendorProductVersion RangeStatus
LinuxLinux61414f5ec9834df8aa4f55c90de16b71a3d6ca8d < 04b06716838bfc26742dbed3ae1d3697fe5317eeaffected
LinuxLinux61414f5ec9834df8aa4f55c90de16b71a3d6ca8d < f33605908a9b6063525e9f68e62d739948c5fccfaffected
LinuxLinux61414f5ec9834df8aa4f55c90de16b71a3d6ca8d < bdfbb51f7a437ae8ea91317a5c133ec13adf3c47affected
LinuxLinux61414f5ec9834df8aa4f55c90de16b71a3d6ca8d < deb7178eb940e2c5caca1b1db084a69b2e59b4c9affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.135 <= 5.4.*unaffected
LinuxLinux5.10.53 <= 5.10.*unaffected
LinuxLinux5.13.5 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References