CVE-2021-47049
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
28/02/2024
Last modified:
09/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Drivers: hv: vmbus: Use after free in __vmbus_open()<br />
<br />
The "open_info" variable is added to the &vmbus_connection.chn_msg_list,<br />
but the error handling frees "open_info" without removing it from the<br />
list. This will result in a use after free. First remove it from the<br />
list, and then free it.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14 (including) | 5.10.37 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.11.21 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.12.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5
- https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da
- https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f
- https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560
- https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5
- https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da
- https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f
- https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560