Description
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
References (8)
Core 8
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/05/2
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/20/5
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210702-0006/
Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/11/05/2%2C
Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/11/20/5%2C
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
33.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (13)
debian/debian_linux
9.0
linux/linux_kernel
< 4.4.245
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
... and 3 more
Published
May 26, 2021
Tracked Since
Feb 18, 2026