CVE-2021-3760 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	A use-after-free vulnerability of ndev->rf_conn_info object has been found in the Linux kernel NFC stack before version 5.14.15. The root cause is that ndev->rf_conn_info is forgotten to be set to NULL when the object is released.

Group	Package	Affected	Fixed	Severity	Status
AVG-2500	linux-lts	5.10.75-1	5.10.76-1	Medium	Fixed
AVG-2499	linux-hardened	5.14.14.hardened1-1	5.14.16.hardened1-1	High	Fixed
AVG-2498	linux-zen	5.14.14.zen1-1	5.14.15.zen1-1	Medium	Fixed
AVG-2497	linux	5.14.14.arch1-1	5.14.15.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/10/26/2 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.15&id=6197eb050cfab2c124cd592594a1d73883d7f9e8 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.76&id=77c0ef979e32b8bc22f36a013bab77cd37e31530

References

https://www.openwall.com/lists/oss-security/2021/10/26/2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.15&id=6197eb050cfab2c124cd592594a1d73883d7f9e8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.76&id=77c0ef979e32b8bc22f36a013bab77cd37e31530