CVE-2021-33033 - Use After Free vulnerability in Linux Kernel
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8
- https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt
- https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e