Vulnerabilities > CVE-2021-45868 - Use After Free vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
netapp
CWE-416

Summary

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

Vulnerable Configurations

Part Description Count
OS
Linux
4986
OS
Netapp
8
Hardware
Netapp
8

Common Weakness Enumeration (CWE)