CVE-2021-47310: net: ti: fix UAF in tlan_remove_one
In the Linux kernel, the following vulnerability has been resolved:
net: ti: fix UAF in tlanremoveone
priv is netdev private data and it cannot be used after freenetdev() call. Using priv after freenetdev() can cause UAF bug. Fix it by moving freenetdev() at the end of the function.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net: ti: fix UAF in tlanremoveone
The Linux kernel CVE team has assigned CVE-2021-47310 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052128-CVE-2021-47310-a59d@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2021-47310?
CVE-2021-47310 has a medium severity rating due to the potential for a use-after-free vulnerability in the Linux kernel.
How do I fix CVE-2021-47310?
To fix CVE-2021-47310, update to one of the patched kernel versions: 4.4.277, 4.9.277, 4.14.241, 4.19.199, 5.4.135, 5.10.53, 5.13.5, or 5.14.
What systems are affected by CVE-2021-47310?
CVE-2021-47310 affects multiple versions of the Linux kernel from version 3.10 up to 5.14-rc1.
Is CVE-2021-47310 exploitable remotely?
CVE-2021-47310's specific exploitation potential may vary, but it generally requires local access to the affected system.
What is a use-after-free vulnerability in CVE-2021-47310?
A use-after-free vulnerability like CVE-2021-47310 occurs when an application uses memory after it has been freed, potentially leading to arbitrary code execution.