CVE-2021-3715
kernel: use-after-free in route4_change() in net/sched/cls_route.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Se ha encontrado un fallo en el clasificador "Routing decision" del subsistema de red Traffic Control del kernel de Linux en la forma en que administra el cambio de los filtros de clasificación, conllevando a una condición de uso de memoria previamente liberada. Este fallo permite a usuarios locales no privilegiados escalar sus privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema
Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. Various other vulnerabilities were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-18 CVE Reserved
- 2021-09-08 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 | 2023-01-24 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-3715 | 2022-10-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1993988 | 2022-10-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.18 < 4.4.218 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 4.4.218" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.218 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.218" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.175 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.175" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.114 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.114" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.4.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.29" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5.0 < 5.5.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5.0 < 5.5.14" | - |
Affected
| ||||||