PT-2021-8138 · Linux+4 · Linux Kernel+4

Published 2021-12-17 · Updated 2025-01-14 · CVE-2021-47082

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The vulnerability is related to a double-free issue in the tun_free_netdev() function. This issue can be exploited to execute arbitrary code and elevate privileges. The problem arises from the dev->tstats and tun->security allocations being moved to a new ndo_init routine (tun_net_init()) that is called by register_netdevice(). If an error occurs during register_netdevice(), the destructor (tun_free_netdev()) will handle the frees, potentially leading to a double-free or invalid-free condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Double Free

Weakness Enumeration

Related Identifiers

BDU:2024-08406
CVE-2021-47082
OESA-2024-1567
OESA-2024-1569
OESA-2024-1618
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1489-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1490-1
USN-7185-1
USN-7185-2

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE
Ubuntu