PT-2021-2461 · Linux+3 · Linux Kernel+3

Published

2021-03-14

Updated

2023-02-24

CVE-2021-29266

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.11.9

Description An issue in the Linux kernel is related to a use-after-free error in the vhost vdpa config put() function. This occurs because v->config ctx has an invalid value when a character device is re-opened. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For Linux kernel versions prior to 5.11.9, update to version 5.11.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the drivers/vhost/vdpa.c module to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2021-1566

ALT-PU-2021-1578

ALT-PU-2021-1609

ALT-PU-2021-1616

ALT-PU-2021-1618

ALT-PU-2021-1869

AZL-6548

BDU:2021-01827

CVE-2021-29266

MGASA-2021-0174

MGASA-2021-0175

USN-4948-1

USN-4949-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2021-2461 · Linux+3 · Linux Kernel+3

CVE-2021-29266

Weakness Enumeration

Related Identifiers

Affected Products

References · 101