CVE-2021-4028

Name
CVE-2021-4028
Description
A flaw in the Linux kernel's implementation of the RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
NVD Severity
medium

References

| Type | URI |
|------|-----|
| MISC | https://lkml.org/lkml/2021/10/4/697 |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=2027201 |
| MISC | https://access.redhat.com/security/cve/CVE-2021-4028 |
| MISC | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74 |
| MISC | https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | linux_kernel | >= None | < 5.1.15 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status