CVE-2021-4028

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Published: Aug 24, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-4028
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.10	5.10.71
linux / linux_kernel	5.11	5.14.10
suse / linux_enterprise	15.0-sp4	15.0-sp4.x
suse / linux_enterprise	15.0-sp3	15.0-sp3.x

https://access.redhat.com/security/cve/CVE-2021-4028
https://bugzilla.redhat.com/show_bug.cgi?id=2027201
https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74
https://lkml.org/lkml/2021/10/4/697
https://security.netapp.com/advisory/ntap-20221228-0002/

Vulnerability Database

289,599

CVE-2021-4028