CVE-2021-44733

HIGH

Linux Kernel < 5.15.11 - Race Condition

Title source: rule

Description

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

Exploits (1)

nomisec WRITEUP 76 stars

by pjlantz · poc

https://github.com/pjlantz/optee-qemu

View Code ZIP pw:eip

References (7)

Core 7

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Third Party Advisory vendor-advisory

https://www.debian.org/security/2022/dsa-5096

Mailing List

https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander%40linaro.org/

Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c

Exploit, Third Party Advisory

https://github.com/pjlantz/optee-qemu/blob/main/README.md

View Exploit ZIP pw:eip

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220114-0003/

Patch

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d

Scores

CVSS v3 7.0

EPSS 0.0028

EPSS Percentile 51.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (14)

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 35

linux/linux_kernel < 5.15.11

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500e_firmware

... and 4 more

Published Dec 22, 2021

Tracked Since Feb 18, 2026