In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix use-after-free in i40e_client_subtask()
Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return.
Addresses-Coverity: ("Read from pointer after free")
[
  { "events": [ { "introduced": "4.16" }, { "fixed": "4.19.191" } ] },
  { "events": [ { "introduced": "4.20" }, { "fixed": "5.4.120" } ] },
  { "events": [ { "introduced": "5.5" }, { "fixed": "5.10.38" } ] },
  { "events": [ { "introduced": "5.11" }, { "fixed": "5.11.22" } ] },
  { "events": [ { "introduced": "5.12" }, { "fixed": "5.12.5" } ] }
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46991.json"