CVE-2021-46991
HIGHLinux Kernel 4.16-4.19.191 - Use-After-Free in i40e_client_subtask
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return. Addresses-Coverity: ("Read from pointer after free")
References (6)
Core 6
Core References
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (15)
Linux/Linux
< 4.16
Linux/Linux
4.16
Linux/Linux
4.19.191 - 4.19.*
Linux/Linux
5.10.38 - 5.10.*
Linux/Linux
5.11.22 - 5.11.*
Linux/Linux
5.12.5 - 5.12.*
Linux/Linux
5.13
Linux/Linux
5.4.120 - 5.4.*
Linux/Linux
7b0b1a6d0ac983ce1928432285d0222d4fb7c38b - 1fd5d262e7442192ac7611ff1597a36c5b044323
Linux/Linux
7b0b1a6d0ac983ce1928432285d0222d4fb7c38b - 38318f23a7ef86a8b1862e5e8078c4de121960c3
... and 5 more
Published
Feb 28, 2024
Tracked Since
Feb 18, 2026