7.8

CVE-2021-3347

Exploit

EPSS 0.21%
Veröffentlicht 29.01.2021 17:15:12
Zuletzt bearbeitet 21.11.2024 06:21:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.10.11

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.44

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.openwall.com/lists/oss-security/2021/02/01/4

Third Party Advisory

Exploit

Mailing List

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2021/dsa-4843

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/29/4

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2021/01/29/5

Third Party Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2

Patch

Vendor Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXAVDAK4RLAHBHHGEPL73UFXSI6BXQ7Q/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOBMXDJABYE76RKNBAWA2E4TSSBX7CSJ/

https://security.netapp.com/advisory/ntap-20210304-0005/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/01/29/1

Third Party Advisory

Mailing List

https://www.openwall.com/lists/oss-security/2021/01/29/3

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-3347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3347

EUVD