Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free. First remove it from the list, and then free it.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.14, < 5.10.37 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5Patch
- https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48daPatch
- https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214fPatch
- https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560Patch
- https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5Patch
- https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48daPatch
- https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214fPatch
- https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560Patch
FAQ
What is CVE-2021-47049?
CVE-2021-47049 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but ...
How severe is CVE-2021-47049?
CVE-2021-47049 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47049?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.