History: May 21, 2024 - 3:03 p.m.

CVE-2021-47378 nvme-rdma: destroy cm id before destroy qp to avoid use after free

2024-05-21 15:03:41
Linux
github.com
linux kernel
nvme-rdma
use after free
rdma connection establishment

AI Score: 6.7 (Confidence: Low)

EPSS: 0 (Percentile: 15.5%)

SSVC: Exploitation: none; Automatable: yes; Technical Impact: total

In the Linux kernel, the following vulnerability has been resolved:

nvme-rdma: destroy cm id before destroy qp to avoid use after free

We should always destroy cm_id before destroying qp to avoid getting a cma
event after qp was destroyed, which may lead to use after free.
In the RDMA connection establishment error flow, don’t destroy qp in the cm
event handler. Just report cm_error to the upper level; qp will be destroyed
in nvme_rdma_alloc_queue() after destroying cm id.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/nvme/host/rdma.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "ecf0dc5a9048",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "d268a182c56e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "9817d763dbe1",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/nvme/host/rdma.c"
    ],
    "versions": [
      {
        "version": "5.10.70",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14.9",
        "lessThanOrEqual": "5.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "1da177e4c3f4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.10.70"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.14.9"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.15"
      }
    ],
    "defaultStatus": "unknown"
  }
]
