PT-2024-11302 · Linux+4 · Linux Kernel+4

Erez Geva · Published 2021-07-01 · Updated 2024-12-26 · CVE-2021-47301

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a use-after-free error during reset in the igb driver. It occurs when the next descriptor to watch (next_to_watch) is not cleaned while the TX ring is being cleaned, which leads to invalid memory accesses. If igb_poll() runs while the controller is being reset, the driver can attempt to free an skb that was already freed. The crash is harder to reproduce with the igb driver, but the same potential problem exists because the code is identical to igc.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
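
The failure mode in the description, as an added user-space model that is not the kernel's igb code: a reset path releases every queued skb, and a poll that runs afterwards releases it again whenever next_to_watch was left set. The struct layout, function names and the `fixed` switch are assumptions made for illustration, and releases are counted rather than performed so the double free is observable safely.

```c
#include <stdio.h>

#define RING_SIZE 4

/* Simplified stand-ins for driver state (assumed layout, not the igb structs). */
struct skb { int frees; };          /* counts releases instead of freeing */
struct tx_buffer {
    struct skb *skb;
    void *next_to_watch;            /* non-NULL: poll sees pending work */
};

/* Reset path: release every queued skb; fixed=0 leaves next_to_watch stale. */
static void clean_tx_ring(struct tx_buffer *ring, int fixed)
{
    for (int i = 0; i < RING_SIZE; i++) {
        ring[i].skb->frees++;
        if (fixed)
            ring[i].next_to_watch = NULL;
    }
}
/* Poll path: completes each buffer whose next_to_watch is still set. */
static void poll_tx(struct tx_buffer *ring)
{
    for (int i = 0; i < RING_SIZE; i++) {
        if (!ring[i].next_to_watch)
            continue;
        ring[i].next_to_watch = NULL;
        ring[i].skb->frees++;       /* second release if reset already ran */
    }
}
/* Highest release count on any skb: 1 is correct, 2 is a double free. */
int run_reset_then_poll(int fixed)
{
    struct skb skbs[RING_SIZE] = {{0}};
    struct tx_buffer ring[RING_SIZE];
    int worst = 0;
    for (int i = 0; i < RING_SIZE; i++) {
        ring[i].skb = &skbs[i];
        ring[i].next_to_watch = &ring[i];   /* constructed non-NULL marker */
    }
    clean_tx_ring(ring, fixed);
    poll_tx(ring);                          /* poll racing in after the reset */
    for (int i = 0; i < RING_SIZE; i++)
        worst = skbs[i].frees > worst ? skbs[i].frees : worst;
    return worst;
}
int main(void)
{
    printf("stale: %d, cleared: %d\n", run_reset_then_poll(0), run_reset_then_poll(1));
    return 0;
}
```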

Use After Free


Weakness Enumeration

Related Identifiers

BDU:2025-07320
CESA-2022_1988
CVE-2021-47301
OESA-2024-1736
OPENSUSE-SU-2024_2185-1
RHSA-2022:1988
RHSA-2022_1988
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2185-1

Affected Products

Astra Linux
Centos
Linux Kernel
Red Hat
Suse