CVE-2021-47596

EPSS 0.01%
Veröffentlicht 19.06.2024 15:15:54
Zuletzt bearbeitet 21.11.2024 06:36:37
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg

Currently, the hns3_remove function firstly uninstall client instance,
and then uninstall acceletion engine device. The netdevice is freed in
client instance uninstall process, but acceletion engine device uninstall
process still use it to trace runtime information. This causes a use after
free problem.

So fixes it by check the instance register state to avoid use after free.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.8 < 5.10.88

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542

Patch

https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4

Patch

https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47596

EUVD