{
  "threat_severity" : "Moderate",
  "public_date" : "2024-05-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: igb: Fix use-after-free error during reset",
    "id" : "2282482",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2282482"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nigb: Fix use-after-free error during reset\nCleans the next descriptor to watch (next_to_watch) when cleaning the\nTX ring.\nFailure to do so can cause invalid memory accesses. If igb_poll() runs\nwhile the controller is reset this can lead to the driver trying to free\na skb that was already freed.\n(The crash is harder to reproduce with the igb driver, but the same\npotential problem exists as the code is identical to igc)", "A vulnerability was found in the Linux kernel's igb driver. During a reset operation, the driver could access memory that had already been freed. If the driver attempts to use this freed memory, it can lead to a system crash or instability because the memory may no longer be valid." ],
  "statement" : "This vulnerability is rated as a Moderate severity because the issue primarily impacts system stability by potentially causing a crash if the driver interacts with freed memory. It does not expose sensitive information or allow unauthorized access.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1988",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.9.1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-47301\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47301\nhttps://lore.kernel.org/linux-cve-announce/2024052126-CVE-2021-47301-13b4@gregkh/T" ],
  "name" : "CVE-2021-47301",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}