CVE & CISA-KEV Catalog

CVE-2021-47082

HIGH
7.8
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_netdevice(). ndo_init is paired with the desctructor (tun_free_netdev()), so if there's an error in register_netdevice() the destructor will handle the frees. BUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605 CPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1 Hardware name: Red Hat KVM, BIOS Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106 print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247 kasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372 ____kasan_slab_free mm/kasan/common.c:346 [inline] __kasan_slab_free+0x107/0x120 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:1723 [inline] slab_free_freelist_hook mm/slub.c:1749 [inline] slab_free mm/slub.c:3513 [inline] kfree+0xac/0x2d0 mm/slub.c:4561 selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605 security_tun_dev_free_security+0x4f/0x90 security/security.c:2342 tun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215 netdev_run_todo+0x4df/0x840 net/core/dev.c:10627 rtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112 __tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302 tun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.136-1CVE-2021-47082
Fixed in:5.15.15-1CVE-2021-47082
Fixed in:5.15.15-1CVE-2021-47082
Fixed in:5.15.15-1CVE-2021-47082
linuxUbuntu
Fixed in:4.15.0-232.244USN-7185-1
linux-awsUbuntu
Fixed in:4.15.0-1176.189USN-7185-1
linux-aws-hweUbuntu
Fixed in:4.15.0-1176.189~16.04.1USN-7185-1
linux-azureUbuntu
Fixed in:4.15.0-1184.199~14.04.1USN-7185-2
Fixed in:4.15.0-1184.199~16.04.1USN-7185-2
linux-azure-4.15Ubuntu
Fixed in:4.15.0-1184.199USN-7185-2
linux-gcpUbuntu
Fixed in:4.15.0-1169.186~16.04.1USN-7185-1
linux-gcp-4.15Ubuntu
Fixed in:4.15.0-1169.186USN-7185-1
linux-hweUbuntu
Fixed in:4.15.0-232.244~16.04.1USN-7185-1
linux-image-4.15.0-1138-oracleUbuntu
Fixed in:4.15.0-1138.149~16.04.1USN-7185-1
Fixed in:4.15.0-1138.149USN-7185-1
linux-image-4.15.0-1159-kvmUbuntu
Fixed in:4.15.0-1159.164USN-7185-1
linux-image-4.15.0-1169-gcpUbuntu
Fixed in:4.15.0-1169.186~16.04.1USN-7185-1
Fixed in:4.15.0-1169.186USN-7185-1
linux-image-4.15.0-1176-awsUbuntu
Fixed in:4.15.0-1176.189~16.04.1USN-7185-1
Fixed in:4.15.0-1176.189USN-7185-1
linux-image-4.15.0-1184-azureUbuntu
Fixed in:4.15.0-1184.199~14.04.1USN-7185-2
Fixed in:4.15.0-1184.199~16.04.1USN-7185-2
Fixed in:4.15.0-1184.199USN-7185-2
linux-image-4.15.0-232-genericUbuntu
Fixed in:4.15.0-232.244~16.04.1USN-7185-1
Fixed in:4.15.0-232.244USN-7185-1
linux-image-4.15.0-232-lowlatencyUbuntu
Fixed in:4.15.0-232.244~16.04.1USN-7185-1
Fixed in:4.15.0-232.244USN-7185-1
linux-image-aws-hweUbuntu
Fixed in:4.15.0.1176.189~16.04.1USN-7185-1
linux-image-aws-lts-18.04Ubuntu
Fixed in:4.15.0.1176.174USN-7185-1
linux-image-azureUbuntu
Fixed in:4.15.0.1184.199~14.04.1USN-7185-2
Fixed in:4.15.0.1184.199~16.04.1USN-7185-2
linux-image-azure-lts-18.04Ubuntu
Fixed in:4.15.0.1184.152USN-7185-2
linux-image-gcpUbuntu
Fixed in:4.15.0.1169.186~16.04.1USN-7185-1
linux-image-gcp-lts-18.04Ubuntu
Fixed in:4.15.0.1169.182USN-7185-1
linux-image-genericUbuntu
Fixed in:4.15.0.232.216USN-7185-1
linux-image-generic-hwe-16.04Ubuntu
Fixed in:4.15.0.232.244~16.04.1USN-7185-1
linux-image-gkeUbuntu
Fixed in:4.15.0.1169.186~16.04.1USN-7185-1
linux-image-kvmUbuntu
Fixed in:4.15.0.1159.150USN-7185-1
linux-image-lowlatencyUbuntu
Fixed in:4.15.0.232.216USN-7185-1
linux-image-lowlatency-hwe-16.04Ubuntu
Fixed in:4.15.0.232.244~16.04.1USN-7185-1
linux-image-oemUbuntu
Fixed in:4.15.0.232.244~16.04.1USN-7185-1
linux-image-oracleUbuntu
Fixed in:4.15.0.1138.149~16.04.1USN-7185-1
linux-image-oracle-lts-18.04Ubuntu
Fixed in:4.15.0.1138.143USN-7185-1
linux-image-virtualUbuntu
Fixed in:4.15.0.232.216USN-7185-1
linux-image-virtual-hwe-16.04Ubuntu
Fixed in:4.15.0.232.244~16.04.1USN-7185-1
linux-kvmUbuntu
Fixed in:4.15.0-1159.164USN-7185-1
linux-oracleUbuntu
Fixed in:4.15.0-1138.149~16.04.1USN-7185-1
Fixed in:4.15.0-1138.149USN-7185-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
16thpercentile

Low risk: more likely to be exploited than 16% of all known CVEs.

References

Related Vulnerabilities

Other CWE-415 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-25136Medium6.590%-Fix
CVE-2018-0101Critical10.087%-Fix
CVE-2003-0545Critical9.885%-Fix
CVE-2019-3829Medium5.359%-Fix
CVE-2026-33824Critical9.856%-Fix
CVE-2021-3407Medium5.550%-Fix
Embed a live status badge for CVE-2021-47082
CVE-2021-47082 severity badge

Markdown

[![CVE-2021-47082](https://tridentstack.com/cve/badge/CVE-2021-47082.svg)](https://tridentstack.com/cve/CVE-2021-47082)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-47082"><img src="https://tridentstack.com/cve/badge/CVE-2021-47082.svg" alt="CVE-2021-47082"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-01-14.