PT-2021-2998 · Linux+8 · Linux Kernel+8

Butt3Rflyh4Ck

·

Published

2021-01-25

·

Updated

2022-04-26

·

CVE-2021-3348

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.10.12
Description The issue is related to a use-after-free in the ndb queue rq function in the Linux kernel, specifically in the drivers/block/nbd.c file. This could be triggered by local attackers with access to the nbd device via an I/O request at a certain point during device setup, potentially allowing them to execute arbitrary code.
Recommendations For Linux kernel versions through 5.10.12, update to a version newer than 5.10.12 to resolve the issue. As a temporary workaround, consider restricting access to the nbd device to minimize the risk of exploitation.

Fix

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

ALSA-2021:4356
ALT-PU-2021-1208
ALT-PU-2021-1249
ALT-PU-2021-1339
ALT-PU-2021-1417
ALT-PU-2021-1424
ALT-PU-2021-1446
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2021-02591
CESA-2021_4140
CESA-2021_4356
CVE-2021-3348
DLA-2610-1
MGASA-2021-0061
MGASA-2021-0085
OESA-2021-1086
OESA-2021-1087
OPENSUSE-SU-2021:0241-1
OPENSUSE-SU-2021_0241-1
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021_4140
RHSA-2021_4356
SUSE-SU-2021:0347-1
SUSE-SU-2021:0354-1
SUSE-SU-2021:0427-1
SUSE-SU-2021:0433-1
SUSE-SU-2021:0434-1
SUSE-SU-2021:0438-1
SUSE-SU-2021:0532-1
SUSE-SU-2021:0739-1
SUSE-SU-2021:0742-1
SUSE-SU-2021_0739-1
SUSE-SU-2021_0742-1
USN-4884-1
USN-4907-1
USN-4909-1
USN-4910-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu