CVE-2021-47306
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
21/05/2024
Last modified:
26/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: fddi: fix UAF in fza_probe<br />
<br />
fp is netdev private data and it cannot be<br />
used after free_netdev() call. Using fp after free_netdev()<br />
can cause UAF bug. Fix it by moving free_netdev() after error message.<br />
<br />
TURBOchannel adapter")
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.135 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.53 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.13.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/04b06716838bfc26742dbed3ae1d3697fe5317ee
- https://git.kernel.org/stable/c/bdfbb51f7a437ae8ea91317a5c133ec13adf3c47
- https://git.kernel.org/stable/c/deb7178eb940e2c5caca1b1db084a69b2e59b4c9
- https://git.kernel.org/stable/c/f33605908a9b6063525e9f68e62d739948c5fccf
- https://git.kernel.org/stable/c/04b06716838bfc26742dbed3ae1d3697fe5317ee
- https://git.kernel.org/stable/c/bdfbb51f7a437ae8ea91317a5c133ec13adf3c47
- https://git.kernel.org/stable/c/deb7178eb940e2c5caca1b1db084a69b2e59b4c9
- https://git.kernel.org/stable/c/f33605908a9b6063525e9f68e62d739948c5fccf