CVE-2021-3760

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A use-after-free vulnerability affecting the ndev->rf_conn_info object has been found in the Linux kernel NFC stack before version 5.14.15. The root cause is that ndev->rf_conn_info is not set to NULL when the object is released.
Group     Package         Affected             Fixed                Severity  Status  Ticket
AVG-2500  linux-lts       5.10.75-1            5.10.76-1            Medium    Fixed
AVG-2499  linux-hardened  5.14.14.hardened1-1  5.14.16.hardened1-1  High      Fixed
AVG-2498  linux-zen       5.14.14.zen1-1       5.14.15.zen1-1       Medium    Fixed
AVG-2497  linux           5.14.14.arch1-1      5.14.15.arch1-1      Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2021/10/26/2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.15&id=6197eb050cfab2c124cd592594a1d73883d7f9e8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.76&id=77c0ef979e32b8bc22f36a013bab77cd37e31530