CVE-2021-29266
HIGH
Linux Kernel 5.8-5.10.25 - Use-After-Free in vhost vdpa Driver
Title source: llm
Description
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.
References (3)
Core References
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210513-0005/
Scores
CVSS v3: 7.8
EPSS: 0.0032
EPSS Percentile: 23.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-416
Status: published
Products (1): linux/linux_kernel 5.8 - 5.10.26
Published: Mar 26, 2021
Tracked Since: Feb 18, 2026