#VU88892 Use-after-free in Linux kernel - CVE-2021-46936
Published: April 22, 2024
Vulnerability identifier: #VU88892
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-46936
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022
- https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a
- https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4
- https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566
- https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69
- https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4
- https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13
- https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0