CVE-2021-3715
CVE-2021-3715 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.18, < 4.4.218 |
| Linux | Linux Kernel | >= 4.5, < 4.9.218 |
| Linux | Linux Kernel | >= 4.10, < 4.14.175 |
| Linux | Linux Kernel | >= 4.15, < 4.19.114 |
| Linux | Linux Kernel | >= 4.20, < 5.4.29 |
| Linux | Linux Kernel | >= 5.5.0, < 5.5.14 |
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (Mailing List, Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
