CVE-2021-47311
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qcom/emac: fix UAF in emac_remove
adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < 4d04a42b926e682140776e54188f4a44f1f01a81 | affected |
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < b1e091331920f8fbfc747dcbd16263fcd71abb2d | affected |
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < 11e9d163d631198bb3eb41a677a61b499516c0f7 | affected |
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < 2b70ca92847c619d6264c7372ef74fcbfd1e048c | affected |
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < b560521eca03d0a2db6093a5a632cbdd0a0cf833 | affected |
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < 8a225a6e07a57a1538d53637cb3d82bd3e477839 | affected |
| Linux | Linux | 54e19bc74f3380d414681762ceed9f7245bc6a6e < ad297cd2db8953e2202970e9504cab247b6c7cb4 | affected |
| Linux | Linux | 4.9 | affected |
| Linux | Linux | 0 < 4.9 | unaffected |
| Linux | Linux | 4.9.277 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.241 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.199 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.135 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.53 <= 5.10.* | unaffected |
| Linux | Linux | 5.13.5 <= 5.13.* | unaffected |
| Linux | Linux | 5.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81
- https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d
- https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7
- https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c
- https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833
- https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839
- https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81
- https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d
- https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7
- https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c
- https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833
- https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839
- https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.