QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-28691

Back to search

CVE-2021-28691

Published: Jun 29, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

VendorProductVersions

Linux

Linux

unknown
unspecified - < 4.12
affected
5.5.0 - < unspecified
unaffected
next of 5.12.2 - < unspecified

References

GLSA-202107-30
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now