PRIOn Logo

CVE-2021-47571 Spoofing

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.

CWE: CWE-416
CVSS v2-
CVSS v37.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
https://git.kernel.org/stable/c/d43aecb694b10db9a4228ce2d38b5ae8de374443
https://git.kernel.org/stable/c/9186680382934b0e7529d3d70dcc0a21d087683b
https://git.kernel.org/stable/c/c0ef0e75a858cbd8618b473f22fbca36106dcf82
https://git.kernel.org/stable/c/bca19bb2dc2d89ce60c4a4a6e59609d4cf2e13ef
https://git.kernel.org/stable/c/2e1ec01af2c7139c6a600bbfaea1a018b35094b6
https://git.kernel.org/stable/c/8d0163cec7de995f9eb9c3128c83fb84f0cb1c64
https://git.kernel.org/stable/c/e27ee2f607fe6a9b923ef1fc65461c0613c97594
https://git.kernel.org/stable/c/b535917c51acc97fb0761b1edec85f1f3d02bda4
Affected Vendors

Linux - (1)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Spoofing

CVSS Scores as calculated by PRIOnengine
CVSS v26.1
AV:L/AC:L/AU:N/C:P/I:P/A:C
CVSS v38.4
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MITRE CWE Top 25

Vulnerability weakness type is in the top 25 CWEs according to MITRE. View Mitre Top 25 CWEs

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submited vulnerability affects compliance

PCI DSS v3.2.1-6.5.2 - Buffer Overflows

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-