Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-47111— xen-netback: take a reference to the RX task thread

EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-47111

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
xen-netback: take a reference to the RX task thread
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend tear down. Not taking the reference will lead to a use-after-free in that scenario. Such reference was taken before but dropped as part of the rework done in 2ac061ce97f4. Reintroduce the reference taking and add a comment this time explaining why it's needed. This is XSA-374 / CVE-2021-28691.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 xen-netback 模块中存在错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 2ac061ce97f413bfbbdd768f7d2e0fda2e8170df ~ 6b53db8c4c14b4e7256f058d202908b54a7b85b4 -
LinuxLinux 5.5 -

II. Public POCs for CVE-2021-47111

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-47111

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-03-15 · 26 CVEs total

CVE-2021-47123io_uring: fix ltout double free on completion race
CVE-2021-47135mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
CVE-2021-47134efi/fdt: fix panic when no valid fdt found
CVE-2021-47133HID: amd_sfh: Fix memory leak in amd_sfh_work
CVE-2021-47132mptcp: fix sk_forward_memory corruption on retransmission
CVE-2021-47131net/tls: Fix use-after-free after the TLS device goes down and up
CVE-2021-47130nvmet: fix freeing unallocated p2pmem
CVE-2021-47129netfilter: nft_ct: skip expectations for confirmed conntrack
CVE-2021-47128bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
CVE-2021-47127ice: track AF_XDP ZC enabled queues in bitmap
CVE-2021-47126ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
CVE-2021-47125sch_htb: fix refcount leak in htb_parent_to_leaf_offload
CVE-2021-47124io_uring: fix link timeout refs
CVE-2021-47109neighbour: allow NUD_NOARP entries to be forced GCed
CVE-2021-47122net: caif: fix memory leak in caif_device_notify
CVE-2021-47121net: caif: fix memory leak in cfusbl_device_notify
CVE-2021-47120HID: magicmouse: fix NULL-deref on disconnect
CVE-2021-47119ext4: fix memory leak in ext4_fill_super
CVE-2021-47118pid: take a reference when initializing `cad_pid`
CVE-2021-47117ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2021-47111

No comments yet

Leave a comment