PT-2024-10331 · Linux+2 · Linux Kernel+2

Govindarajulu Varadarajan +1 · Published 2024-02-28 · Updated 2024-12-06 · CVE-2021-46998

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a use after free bug in the enic_hard_start_xmit function. This function calls enic_queue_wq_skb(), which may free the skb if an error occurs. However, the freed skb is still used in skb_tx_timestamp(skb), potentially leading to a denial of service. The solution involves making enic_queue_wq_skb() return an error and goto spin_unlock() in case of an error.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
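
The pattern from the Description, reduced to a user-space C model. This is an added example, not the enic driver's code or the upstream patch; struct pkt and the pkt_*, queue_pkt_* and xmit_* names are hypothetical, and the "free" is only a flag so that the stale access can be counted safely.

```c
#include <stdio.h>

/* Constructed stand-in for struct sk_buff. "freed" models dev_kfree_skb()
 * without releasing memory, so a stale access is counted, not executed. */
struct pkt { int freed, stamped, stale_use; };

/* Models skb_tx_timestamp(): touching a freed packet is the bug. */
static void pkt_timestamp(struct pkt *p)
{
    if (p->freed) p->stale_use++;
    else          p->stamped = 1;
}

/* Before: frees on error, but a void return hides that from the caller. */
static void queue_pkt_void(struct pkt *p, int hw_error)
{
    if (hw_error) p->freed = 1;
}

/* After: same cleanup, and the failure is reported. */
static int queue_pkt_checked(struct pkt *p, int hw_error)
{
    if (hw_error) { p->freed = 1; return -1; }
    return 0;
}

/* Both return how many times a freed packet was touched. */
int xmit_before(int hw_error)
{
    struct pkt p = {0, 0, 0};
    queue_pkt_void(&p, hw_error);
    pkt_timestamp(&p);              /* runs even if p was freed */
    return p.stale_use;
}

int xmit_after(int hw_error)
{
    struct pkt p = {0, 0, 0};
    if (queue_pkt_checked(&p, hw_error))
        goto unlock;                /* skip all later uses of p */
    pkt_timestamp(&p);
unlock:
    return p.stale_use;
}

int main(void)
{
    printf("before: %d stale use(s), after: %d\n", xmit_before(1), xmit_after(1));
    return 0;
}
```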

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-00810
CVE-2021-46998
OESA-2024-1345
OESA-2024-1346
OPENSUSE-SU-2024_1489-1
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1

Affected Products

Astra Linux
Linux Kernel
SUSE