CVE-2021-46991

HIGH

Linux Kernel 4.16-4.19.191 - Use-After-Free in i40e_client_subtask

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return. Addresses-Coverity: ("Read from pointer after free")

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 14.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (15)
Linux/Linux < 4.16
Linux/Linux 4.16
Linux/Linux 4.19.191 - 4.19.*
Linux/Linux 5.10.38 - 5.10.*
Linux/Linux 5.11.22 - 5.11.*
Linux/Linux 5.12.5 - 5.12.*
Linux/Linux 5.13
Linux/Linux 5.4.120 - 5.4.*
Linux/Linux 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b - 1fd5d262e7442192ac7611ff1597a36c5b044323
Linux/Linux 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b - 38318f23a7ef86a8b1862e5e8078c4de121960c3
... and 5 more
Published Feb 28, 2024
Tracked Since Feb 18, 2026