PT-2024-11303 · Linux+2 · Linux Kernel+2

Erez Geva

Published

2021-07-01

Updated

2024-12-26

CVE-2021-47302

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.10.30-rt37-tsn1-rt-ipipe

Description The vulnerability is a use-after-free error that occurs during the reset of the igc driver. This error can cause the driver to attempt to free a socket buffer (skb) that has already been freed, leading to invalid memory accesses. The issue arises when the igc poll() function runs while the controller is being reset, and the next to watch descriptor is not properly cleaned.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the igc driver is updated to properly clean the next to watch descriptor during the reset process.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-02790

CVE-2021-47302

OPENSUSE-SU-2024_2185-1

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2183-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11303 · Linux+2 · Linux Kernel+2

CVE-2021-47302

Weakness Enumeration

Related Identifiers

Affected Products

References · 670