CVE-2021-3348 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

Group	Package	Affected	Fixed	Severity	Status
AVG-1515	linux-lts	5.4.94-1	5.4.95-1	Medium	Fixed
AVG-1514	linux-zen	5.10.12.zen1-1	5.10.13.zen1-1	Medium	Fixed
AVG-1513	linux-hardened	5.10.12.hardened1-1	5.10.13.hardened1-1	Medium	Fixed
AVG-1512	linux	5.10.12.arch1-1	5.10.13.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/01/28/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.13&id=41f6f4a3143506ea1499cda2f14a16a2f82118a8 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.4.95&id=587c6b75d7fdd366ad7dc615471006ce73c03a51

References

https://www.openwall.com/lists/oss-security/2021/01/28/3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.13&id=41f6f4a3143506ea1499cda2f14a16a2f82118a8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.4.95&id=587c6b75d7fdd366ad7dc615471006ce73c03a51