vulnerability
Oracle Linux: CVE-2021-47311: ELSA-2024-4211: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 2024-05-21 | 2024-07-03 | 2025-01-07 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
2024-05-21
Added
2024-07-03
Modified
2025-01-07
Description
In the Linux kernel, the following vulnerability has been resolved:
net: qcom/emac: fix UAF in emac_remove
adpt is netdev private data and it cannot be
used after free_netdev() call. Using adpt after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
A vulnerability was found in the Linux kernel's Qualcomm EMAC driver, where the emac_remove function can lead to a use-after-free issue when the driver tries to access data after the network device has been freed, causing instability and a crash in the network subsystem.
net: qcom/emac: fix UAF in emac_remove
adpt is netdev private data and it cannot be
used after free_netdev() call. Using adpt after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
A vulnerability was found in the Linux kernel's Qualcomm EMAC driver, where the emac_remove function can lead to a use-after-free issue when the driver tries to access data after the network device has been freed, causing instability and a crash in the network subsystem.
Solution
oracle-linux-upgrade-kernel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.