Use-after-free in Linux kernel intel igb driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47301 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU90098
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47301
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/d7367f781e5a9ca5df9082b15b272b55e76931f8
http://git.kernel.org/stable/c/d3ccb18ed5ac3283c7b31ecc685b499e580d5492
http://git.kernel.org/stable/c/88e0720133d42d34851c8721cf5f289a50a8710f
http://git.kernel.org/stable/c/f153664d8e70c11d0371341613651e1130e20240
http://git.kernel.org/stable/c/8e24c12f2ff6d32fd9f057382f08e748ec97194c
http://git.kernel.org/stable/c/7b292608db23ccbbfbfa50cdb155d01725d7a52e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
