CVE-2021-28691

Published: 6/29/2021 Last updated: 8/3/2024 Reserved: 3/18/2021

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

CNA assigner: XEN (23aa2041-22e1-471f-9209-9b7396fa234f) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
Linux	Linux	<= 5.15.*
Linux	Linux	Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro"

References (12)

Credits (2)

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Michael Brown of iPXE and diagnosed by\nOlivier Benjamin, Michael Kurth and Martin Mazein of AWS.'}]}}}
{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Michael Brown of iPXE and diagnosed by\nOlivier Benjamin, Michael Kurth and Martin Mazein of AWS.'}]}}}