CVE-2021-3715

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359	Mailing List Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

23 Sep 2022, 16:15

Type	Values Removed	Values Added
References	{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1993988', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1993988', 'tags': ['Issue Tracking', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'} {'url': 'https://www.openwall.com/lists/oss-security/2021/09/07/1', 'name': 'https://www.openwall.com/lists/oss-security/2021/09/07/1', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'} {'url': 'https://github.com/torvalds/linux/commit/ef299cc3fa1a9e1288665a9fdc8bff55629fd359', 'name': 'https://github.com/torvalds/linux/commit/ef299cc3fa1a9e1288665a9fdc8bff55629fd359', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}

10 Mar 2022, 21:34

Type	Values Removed	Values Added
CWE		CWE-416
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
References	~~(MISC) https://github.com/torvalds/linux/commit/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 -~~	(MISC) https://github.com/torvalds/linux/commit/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 - Patch, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1993988 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1993988 - Issue Tracking, Patch, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 - Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://www.openwall.com/lists/oss-security/2021/09/07/1 -~~	(MISC) https://www.openwall.com/lists/oss-security/2021/09/07/1 - Mailing List, Patch, Third Party Advisory

02 Mar 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-02 23:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-3715

Mitre link : CVE-2021-3715

CVE.ORG link : CVE-2021-3715

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10