PT-2021-8212 · Linux+4 · Linux Kernel+4

Zheyu Ma

Published

2021-12-15

Updated

2025-11-10

CVE-2021-47589

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to a double free issue in the igbvf probe function. When register netdev fails, the program goes to the err hw init label and then to the err ioremap label. In free netdev, there is a list for each entry safe and netif napi del which aims to delete all entries in dev->napi list. However, adapter->rx ring has been freed below the err hw init label, causing a use-after-free (UAF) issue. The KASAN logs indicate a use-after-free in free netdev+0x1fd/0x450. To patch the problem, one can refer to igbvf remove and delete the entry before adapter->rx ring.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-416

Related Identifiers

BDU:2024-11525

CVE-2021-47589

OPENSUSE-SU-2024_2362-1

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

OPENSUSE-SU-2024_4140-1

SUSE-SU-2024:2360-1

SUSE-SU-2024:2362-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:4038-1

SUSE-SU-2024:4103-1

SUSE-SU-2024:4140-1

SUSE-SU-2024_4038-1

USN-7797-1

USN-7797-2

USN-7797-3

USN-7865-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

Ubuntu

PT-2021-8212 · Linux+4 · Linux Kernel+4

CVE-2021-47589

Weakness Enumeration

Related Identifiers

Affected Products

References · 1533