SB2024062020 - Use-after-free in Linux kernel intel igbvf driver
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062020
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2021-47589)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb
- https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
- https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
- https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
- https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
- https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
- https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
- https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.296
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168