PT-2021-8036 · Linux+3 · Linux Kernel+3

James Smart

Published

2021-10-20

Updated

2026-03-14

CVE-2021-47198

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free error in the lpfc unreg rpi() routine. The NLP REG LOGIN SEND nlp flag is set in lpfc reg fab ctrl node(), but not cleared upon completion of the login, allowing a second call to lpfc unreg rpi() to proceed with nlp rpi set to LPFC RPI ALLOW ERROR. This results in a use-after-free access when used as an rpi ids array index. The error is detected with the report "KASAN: use-after-free in lpfc unreg rpi+0x1b1b".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-03692

CVE-2021-47198

OPENSUSE-SU-2024_1641-1

OPENSUSE-SU-2024_1642-1

OPENSUSE-SU-2024_1644-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

SUSE-SU-2024:1641-1

SUSE-SU-2024:1642-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1645-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1647-1

SUSE-SU-2024:1650-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:1870-1

Affected Products

Debian

Linux Kernel

Red Os

Suse

PT-2021-8036 · Linux+3 · Linux Kernel+3

CVE-2021-47198

Weakness Enumeration

Related Identifiers

Affected Products

References · 836