An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9 | Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210513-0005/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
17 May 2021, 20:13
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210513-0005/ - Third Party Advisory |
13 May 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 16:31
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9 - Release Notes, Vendor Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CWE | CWE-416 |
26 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-26 22:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29266
Mitre link : CVE-2021-29266
CVE.ORG link : CVE-2021-29266
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free