Linux · Xen-Netback · CVE-2021-28691
**Name of the Vulnerable Software and Affected Versions**
Linux xen-netback (affected versions not specified)
**Description**
A use-after-free issue exists in Linux xen-netback due to insufficient input validation. A malicious or buggy network PV frontend can trigger it by sending a malformed packet, which causes the interface to be disabled and the receive kernel thread associated with queue 0 to terminate. When the backend is later destroyed, that kernel thread has already exited, so `kthread_stop` is called against a stale pointer, resulting in a use-after-free. Exploitation of this issue may allow a remote attacker to elevate privileges or disclose protected information.
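The lifetime problem described above can be followed in a small user-space model, added here as an illustration; it is not xen-netback code and not a fix published by the project. All names (`struct task`, `queue_start`, `worker_self_exit`, `queue_teardown`, the `pin` flag) are hypothetical, and pinning the worker with an owner-held reference is shown as one general pattern for this class of bug.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed user-space model (not kernel code): a task stays valid while refs > 0. */
struct task  { int refs; bool exited; bool freed; };
struct queue { struct task *rx_task; bool owner_holds_ref; };

static void put_task(struct task *t)
{
    if (--t->refs == 0)
        t->freed = true;            /* stands in for the task struct being released */
}

/* Backend starts the RX worker; the worker itself owns one reference. */
static void queue_start(struct queue *q, struct task *t, bool pin)
{
    t->refs = 1; t->exited = false; t->freed = false;
    q->rx_task = t;
    q->owner_holds_ref = pin;
    if (pin)
        t->refs++;                  /* owner pins the task while it keeps the pointer */
}

/* Worker terminates on its own, as when the interface is disabled. */
static void worker_self_exit(struct queue *q)
{
    q->rx_task->exited = true;
    put_task(q->rx_task);           /* the worker's own reference is dropped on exit */
}

/* Backend teardown. Returns 0 if stopping was safe, -1 if rx_task was stale. */
static int queue_teardown(struct queue *q)
{
    struct task *t = q->rx_task;
    if (t == NULL)
        return 0;
    if (t->freed)
        return -1;                  /* model-only flag: in the kernel this is the use-after-free */
    if (!t->exited) {               /* normal stop: worker exits now and drops its reference */
        t->exited = true;
        put_task(t);
    }
    q->rx_task = NULL;
    if (q->owner_holds_ref)
        put_task(t);                /* release the pin only after the stop has completed */
    return 0;
}
```

Without the pin, a worker that exits early leaves `rx_task` pointing at a released object; with it, teardown can still stop the already-exited worker safely.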
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.