7.8

CVE-2021-47301

igb: Fix use-after-free error during reset

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix use-after-free error during reset

Cleans the next descriptor to watch (next_to_watch) when cleaning the
TX ring.

Failure to do so can cause invalid memory accesses. If igb_poll() runs
while the controller is reset this can lead to the driver try to free
a skb that was already freed.

(The crash is harder to reproduce with the igb driver, but the same
potential problem exists as the code is identical to igc)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.12 < 4.14.241
LinuxLinux Kernel Version >= 4.15 < 4.19.199
LinuxLinux Kernel Version >= 4.20 < 5.4.136
LinuxLinux Kernel Version >= 5.5 < 5.10.54
LinuxLinux Kernel Version >= 5.11 < 5.13.6
LinuxLinux Kernel Version5.14 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.147
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/7b292608db23ccbbfbfa50cdb155d01725d7a52e
Patch
https://git.kernel.org/stable/c/88e0720133d42d34851c8721cf5f289a50a8710f
Patch
https://git.kernel.org/stable/c/8e24c12f2ff6d32fd9f057382f08e748ec97194c
Patch
https://git.kernel.org/stable/c/d3ccb18ed5ac3283c7b31ecc685b499e580d5492
Patch
https://git.kernel.org/stable/c/d7367f781e5a9ca5df9082b15b272b55e76931f8
Patch
https://git.kernel.org/stable/c/f153664d8e70c11d0371341613651e1130e20240
Patch