Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg

Currently, the hns3_remove function first uninstalls the client instance, and then uninstalls the acceleration engine device. The netdevice is freed in the client instance uninstall process, but the acceleration engine device uninstall process still uses it to trace runtime information. This causes a use-after-free problem. So fix it by checking the instance register state to avoid the use-after-free.
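The teardown ordering and the register-state check described above, as a simplified userspace C model added here (it is not the hns3 driver's code or the upstream patch); every struct, field and function name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical userspace model; names are illustrative, not the driver's. */
struct netdev { int ifindex; };

struct vf_dev {
    struct netdev *ndev;      /* owned by the client instance */
    bool nic_registered;      /* models the "instance register state" */
    unsigned msgs_sent, msgs_traced;
};

static void client_instance_init(struct vf_dev *d, int ifindex) {
    d->ndev = malloc(sizeof(*d->ndev));
    if (!d->ndev)
        return;
    d->ndev->ifindex = ifindex;
    d->nic_registered = true;
}

/* First step of remove: clear the state bit, then free the netdev.
 * The stale pointer is left in place on purpose, so a NULL test
 * would not catch it. */
static void client_instance_uninit(struct vf_dev *d) {
    d->nic_registered = false;
    free(d->ndev);
}

/* Returns the ifindex that was traced, or -1 when tracing was skipped. */
static int send_mbx_msg(struct vf_dev *d) {
    int traced = -1;
    d->msgs_sent++;
    if (d->nic_registered) {  /* guard: touch ndev only while registered */
        traced = d->ndev->ifindex;
        d->msgs_traced++;
    }
    return traced;
}

/* Second step of remove: still sends a message after the netdev is gone. */
static void ae_dev_uninit(struct vf_dev *d) { send_mbx_msg(d); }

int run_remove_sequence(unsigned *sent, unsigned *traced) {
    struct vf_dev d = {0};
    client_instance_init(&d, 7);
    int first = send_mbx_msg(&d);   /* traced while registered */
    client_instance_uninit(&d);
    ae_dev_uninit(&d);              /* sent, but tracing is skipped */
    *sent = d.msgs_sent;
    *traced = d.msgs_traced;
    return first;
}

int main(void) { unsigned s, t; run_remove_sequence(&s, &t); return t == 1 ? 0 : 1; }
```

Without the `nic_registered` test in `send_mbx_msg`, the second call would read through the freed `ndev`; building the model with `-fsanitize=address` is a quick way to confirm that the guarded path never touches it.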
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.8, < 5.10.88 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542 (Patch)
- https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4 (Patch)
- https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0 (Patch)
FAQ
What is CVE-2021-47596?
CVE-2021-47596 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg. Currently, the hns3_remove function first uninstalls the client instance, a...
How severe is CVE-2021-47596?
CVE-2021-47596 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-47596?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.