PT-2024-11300 · Linux+1 · Linux Kernel+1

Abaci · Published 2021-07-13 · Updated 2024-12-26 · CVE-2021-47299

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel version 5.13.0

Description

A use-after-free vulnerability has been identified in the Linux kernel, specifically in the bpf_xdp_link_release() function. The issue arises around the calls to dev_get_by_index() and dev_xdp_attach_link(): dev_xdp_uninstall() is invoked, and the xdp link is then not detached automatically when the device is released. As a result, the link->dev pointer still points to the device, which has already been released, resulting in a use-after-free error.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 5.13.0 are affected, so updating to 5.13.0 or later will mitigate this issue.
Note: The provided input does not specify the exact fixed version, but based on the information given, it is clear that version 5.13.0 is the version where the issue was identified, and thus, updating to this or a later version should resolve the issue.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-07389
CVE-2021-47299

Affected Products

Astra Linux
Linux Kernel