CVE-2021-47311

HIGH

Linux Kernel 4.9-4.9.277 - Use-After-Free in emac_remove

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.

Scores

CVSS v3 7.8
EPSS 0.0025
EPSS Percentile 16.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (18)
Linux/Linux < 4.9
Linux/Linux 4.14.241 - 4.14.*
Linux/Linux 4.19.199 - 4.19.*
Linux/Linux 4.9
Linux/Linux 4.9.277 - 4.9.*
Linux/Linux 5.10.53 - 5.10.*
Linux/Linux 5.13.5 - 5.13.*
Linux/Linux 5.14
Linux/Linux 5.4.135 - 5.4.*
Linux/Linux 54e19bc74f3380d414681762ceed9f7245bc6a6e - 11e9d163d631198bb3eb41a677a61b499516c0f7
... and 8 more
Published May 21, 2024
Tracked Since Feb 18, 2026