Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2021-28691): Linux kernel vulnerabilities

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2021-28691): Linux kernel vulnerabilities

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
06/29/2021
Created
07/23/2021
Added
07/21/2021
Modified
03/23/2022

Description

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

Solution(s)

  • ubuntu-upgrade-linux-image-5-10-0-1038-oem
  • ubuntu-upgrade-linux-image-5-11-0-1013-azure
  • ubuntu-upgrade-linux-image-5-11-0-1014-kvm
  • ubuntu-upgrade-linux-image-5-11-0-1016-aws
  • ubuntu-upgrade-linux-image-5-11-0-1016-oracle
  • ubuntu-upgrade-linux-image-5-11-0-1016-raspi
  • ubuntu-upgrade-linux-image-5-11-0-1016-raspi-nolpae
  • ubuntu-upgrade-linux-image-5-11-0-1017-gcp
  • ubuntu-upgrade-linux-image-5-11-0-27-generic
  • ubuntu-upgrade-linux-image-5-11-0-27-generic-64k
  • ubuntu-upgrade-linux-image-5-11-0-27-generic-lpae
  • ubuntu-upgrade-linux-image-5-11-0-27-lowlatency
  • ubuntu-upgrade-linux-image-5-11-0-31-generic
  • ubuntu-upgrade-linux-image-5-11-0-31-generic-64k
  • ubuntu-upgrade-linux-image-5-11-0-31-generic-lpae
  • ubuntu-upgrade-linux-image-5-11-0-31-lowlatency
  • ubuntu-upgrade-linux-image-5-8-0-1038-oracle
  • ubuntu-upgrade-linux-image-5-8-0-1039-gcp
  • ubuntu-upgrade-linux-image-5-8-0-1040-azure
  • ubuntu-upgrade-linux-image-5-8-0-1042-aws
  • ubuntu-upgrade-linux-image-aws
  • ubuntu-upgrade-linux-image-azure
  • ubuntu-upgrade-linux-image-gcp
  • ubuntu-upgrade-linux-image-generic
  • ubuntu-upgrade-linux-image-generic-64k
  • ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
  • ubuntu-upgrade-linux-image-generic-hwe-20-04
  • ubuntu-upgrade-linux-image-generic-lpae
  • ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
  • ubuntu-upgrade-linux-image-gke
  • ubuntu-upgrade-linux-image-kvm
  • ubuntu-upgrade-linux-image-lowlatency
  • ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
  • ubuntu-upgrade-linux-image-oem-20-04
  • ubuntu-upgrade-linux-image-oem-20-04b
  • ubuntu-upgrade-linux-image-oracle
  • ubuntu-upgrade-linux-image-raspi
  • ubuntu-upgrade-linux-image-raspi-nolpae
  • ubuntu-upgrade-linux-image-virtual
  • ubuntu-upgrade-linux-image-virtual-hwe-20-04

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;