CVE-2021-3760 - log

CVE-2021-3760 edited at 28 Oct 2021 08:42:40
Description
- A use-after-free vulnerability of ndev->rf_conn_info object has been found in the Linux kernel NFC stack. The root cause is that ndev->rf_conn_info is forgotten to be set to NULL when the object is released.
+ A use-after-free vulnerability of ndev->rf_conn_info object has been found in the Linux kernel NFC stack before version 5.14.15. The root cause is that ndev->rf_conn_info is forgotten to be set to NULL when the object is released.
References
https://www.openwall.com/lists/oss-security/2021/10/26/2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1b1499a817c90fd1ce9453a2c98d2a01cca0e775
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.15&id=6197eb050cfab2c124cd592594a1d73883d7f9e8
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.76&id=77c0ef979e32b8bc22f36a013bab77cd37e31530
CVE-2021-3760 edited at 26 Oct 2021 12:11:36
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A use-after-free vulnerability of ndev->rf_conn_info object has been found in the Linux kernel NFC stack. The root cause is that ndev->rf_conn_info is forgotten to be set to NULL when the object is released.
References
+ https://www.openwall.com/lists/oss-security/2021/10/26/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1b1499a817c90fd1ce9453a2c98d2a01cca0e775
CVE-2021-3760 created at 26 Oct 2021 12:05:54
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes