CVE-2021-4028
HIGH
Linux Kernel >=5.10 <5.10.71 - Use-After-Free in RDMA Listener Socket Setup
A flaw in the Linux kernel's implementation of the RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
References (6)
Core References
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4028
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2027201
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74
Mailing List, Patch, Vendor Advisory
https://lkml.org/lkml/2021/10/4/697
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221228-0002/
Scores
CVSS v3: 7.8
EPSS: 0.0003
EPSS Percentile: 10.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-416
Status: published
Products (2)
linux/linux_kernel: 5.10 - 5.10.71
suse/linux_enterprise: 15.0 sp3 (2 CPE variants)
Published: Aug 24, 2022
Tracked Since: Feb 18, 2026