Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object

Related Vulnerabilities: CVE-2021-3760  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Solar Designer &lt;solar () openwall com&gt;

Date: Tue, 26 Oct 2021 14:30:18 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Tue, Oct 26, 2021 at 08:14:20PM +0800, Lin Horse wrote:
The commit for the fix is 1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (link:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1b1499a817c90fd1ce9453a2c98d2a01cca0e775
)

Thanks.  Looks like the same fix you already shared on September 1.

I also found this was (first?) made public on Linux kernel mailing lists
(linux-nfc, netdev, linux-kernel) on October 7 by someone from Canonical
(and Lin was CC'ed):

https://lists.openwall.net/netdev/2021/10/07/239

Canonical didn't break the embargo there because it was supposed to be
already over by then, however I think it was their opportunity to remind
about the need to make the oss-security posting, or to make the posting
themselves.  Speaking of which, I think SUSE (as they first reminded) or
Gentoo or Amazon (as they're tasked with this) could and should have
brought this to oss-security shortly after Lin didn't reply to the
September 17 reminder.  To send a reminder and forget for another month
isn't a reliable approach.

Alexander

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Lin Horse (Oct 26)

Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Solar Designer (Oct 26)

Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Lin Horse (Oct 26)

Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Solar Designer (Oct 26)
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Thadeu Lima de Souza Cascardo (Oct 26)

RE: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Anthony Liguori (Oct 26)

Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev-&gt;rf_conn_info object Roxana Bradescu (Oct 28)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started