CVE-2021-20226

HIGH

Linux Kernel 5.5-5.8.17 - Use-After-Free in io_uring

Title source: llm

Description

A use-after-free flaw was found in io_uring in the Linux kernel, where a local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object, by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1873476
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210401-0001/

Scores

CVSS v3 7.8
EPSS 0.0009
EPSS Percentile 25.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
linux/linux_kernel 5.5 - 5.8.18
netapp/cloud_backup
Published Feb 23, 2021
Tracked Since Feb 18, 2026