Vulnerability Description
A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.5, < 5.8.18 |
| Netapp | Cloud Backup | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1873476Issue TrackingThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210401-0001/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1873476Issue TrackingThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210401-0001/Third Party Advisory
FAQ
What is CVE-2021-20226?
CVE-2021-20226 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of v...
How severe is CVE-2021-20226?
CVE-2021-20226 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20226?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Cloud Backup.