Detections
Analytics

CVE-2021-47306

high

Description

In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot be used after free_netdev() call. Using fp after free_netdev() can cause UAF bug. Fix it by moving free_netdev() after error message. TURBOchannel adapter")

References

https://git.kernel.org/stable/c/f33605908a9b6063525e9f68e62d739948c5fccf

https://git.kernel.org/stable/c/deb7178eb940e2c5caca1b1db084a69b2e59b4c9

https://git.kernel.org/stable/c/bdfbb51f7a437ae8ea91317a5c133ec13adf3c47

https://git.kernel.org/stable/c/04b06716838bfc26742dbed3ae1d3697fe5317ee

Details

Source: Mitre, NVD

Published: 2024-05-21

Updated: 2024-12-26

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0005