CVE-2021-47049

Drivers: hv: vmbus: Use after free in __vmbus_open()

Description

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free. First remove it from the list, and then free it.

References

Link	Tags
https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f	patch
https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560	patch
https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5	patch
https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da	patch

Frequently Asked Questions

What is the severity of CVE-2021-47049?: CVE-2021-47049 has been scored as a high severity vulnerability.
How to fix CVE-2021-47049?: To fix CVE-2021-47049, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47049 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-47049 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47049?: CVE-2021-47049 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions