CVE-2021-47301

HIGH

Linux Kernel 4.12-4.14.240 - Use-After-Free in igb TX Ring Descriptor Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runs while the controller is reset this can lead to the driver try to free a skb that was already freed. (The crash is harder to reproduce with the igb driver, but the same potential problem exists as the code is identical to igc)

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 14.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (16)
Linux/Linux < 4.12
Linux/Linux 4.12
Linux/Linux 4.14.241 - 4.14.*
Linux/Linux 4.19.199 - 4.19.*
Linux/Linux 5.10.54 - 5.10.*
Linux/Linux 5.13.6 - 5.13.*
Linux/Linux 5.14
Linux/Linux 5.4.136 - 5.4.*
Linux/Linux 7cc6fd4c60f267e17b0baef1580d7a6258c0a6f0 - 7b292608db23ccbbfbfa50cdb155d01725d7a52e
Linux/Linux 7cc6fd4c60f267e17b0baef1580d7a6258c0a6f0 - 88e0720133d42d34851c8721cf5f289a50a8710f
... and 6 more
Published May 21, 2024
Tracked Since Feb 18, 2026