Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2021-3348

Published: 01/02/2021 Updated: 26/04/2022
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

nbd_add_socket in drivers/block/nbd.c in the Linux kernel up to and including 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 9.0

Vendor Advisories

Amazon Linux AMI: ALAS-2021-1480
A use-after-free flaw was found in kernel/trace/ring_bufferc in Linux kernel (before 510-rc1) There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS) This flaw could even allow a local attacker with special user privilege to a kernel information leak threat ...
Amazon Linux 2: ALAS2-2021-1600
A use-after-free flaw was found in kernel/trace/ring_bufferc in Linux kernel (before 510-rc1) There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS) This flaw could even allow a local attacker with special user privilege to a kernel information leak threat ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-020
A use-after-free flaw was found in kernel/trace/ring_bufferc in Linux kernel There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS) This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (CVE-2020-27825 ...
Arch Linux Issues:
nbd_add_socket in drivers/block/nbdc in the Linux kernel through 51012 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71 ...

References

CWE-362CWE-416https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b98e762e3d71e893b221f871825dc64694cfb258https://www.openwall.com/lists/oss-security/2021/01/28/3http://www.openwall.com/lists/oss-security/2021/02/01/1https://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2021-1480.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook