CVE-2021-47311

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: qcom/emac: fix UAF in emac_remove

adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < 4d04a42b926e682140776e54188f4a44f1f01a81affected
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < b1e091331920f8fbfc747dcbd16263fcd71abb2daffected
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < 11e9d163d631198bb3eb41a677a61b499516c0f7affected
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < 2b70ca92847c619d6264c7372ef74fcbfd1e048caffected
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < b560521eca03d0a2db6093a5a632cbdd0a0cf833affected
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < 8a225a6e07a57a1538d53637cb3d82bd3e477839affected
LinuxLinux54e19bc74f3380d414681762ceed9f7245bc6a6e < ad297cd2db8953e2202970e9504cab247b6c7cb4affected
LinuxLinux4.9affected
LinuxLinux0 < 4.9unaffected
LinuxLinux4.9.277 <= 4.9.*unaffected
LinuxLinux4.14.241 <= 4.14.*unaffected
LinuxLinux4.19.199 <= 4.19.*unaffected
LinuxLinux5.4.135 <= 5.4.*unaffected
LinuxLinux5.10.53 <= 5.10.*unaffected
LinuxLinux5.13.5 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References