CVE-2021-44733

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

Published: Dec 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-44733
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-362
CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	5.15.11.x
redhat / enterprise_linux	8.0	8.0.x
fedoraproject / fedora	35	35.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
https://github.com/pjlantz/optee-qemu/blob/main/README.md
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://lore.kernel.org/lkml/[email protected]/
https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander%40linaro.org/
https://security.netapp.com/advisory/ntap-20220114-0003/
https://www.debian.org/security/2022/dsa-5096

Vulnerability Database

289,697

CVE-2021-44733