CVE-2021-3347

Public Exploit

Description

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Category

CVSS: 7.8
Severity: High
EPSS: 0.27%
Vendor Advisory: debian.org, fedoraproject.org, kernel.org
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120 mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2 mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697 mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7 mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307 mailing list patch vendor advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9 mailing list patch vendor advisory
https://www.openwall.com/lists/oss-security/2021/01/29/3 third party advisory mailing list
https://www.openwall.com/lists/oss-security/2021/01/29/1 third party advisory mailing list
http://www.openwall.com/lists/oss-security/2021/01/29/5 third party advisory mailing list
http://www.openwall.com/lists/oss-security/2021/01/29/4 third party advisory mailing list
http://www.openwall.com/lists/oss-security/2021/02/01/4 mailing list exploit third party advisory
https://www.debian.org/security/2021/dsa-4843 third party advisory vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXAVDAK4RLAHBHHGEPL73UFXSI6BXQ7Q/ vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOBMXDJABYE76RKNBAWA2E4TSSBX7CSJ/ vendor advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html third party advisory mailing list
https://security.netapp.com/advisory/ntap-20210304-0005/ third party advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2021-3347?
CVE-2021-3347 has been scored as a high severity vulnerability.

How to fix CVE-2021-3347?
To fix CVE-2021-3347, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.

Is CVE-2021-3347 being actively exploited in the wild?
Based on public information, it is possible that CVE-2021-3347 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.