Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2021-47589

Double Free

Published: Jun 19, 2024 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
4.4 LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-47589
CWEhttps://cwe.mitre.org/data/definitions/415.html

In the Linux kernel, the following vulnerability has been resolved:

igbvf: fix double free in igbvf_probe

In igbvf_probe, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is list_for_each_entry_safe and netif_napi_del which aims to delete all entries in dev->napi_list. The program has added an entry adapter->rx_ring->napi which is added by netif_napi_add in igbvf_alloc_queues(). However, adapter->rx_ring has been freed below label err_hw_init. So this a UAF.

In terms of how to patch the problem, we can refer to igbvf_remove() and delete the entry before adapter->rx_ring.

The KASAN logs are as follows:

[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450 [ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366 [ 35.128360] [ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14 [ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 35.131749] Call Trace: [ 35.132199] dump_stack_lvl+0x59/0x7b [ 35.132865] print_address_description+0x7c/0x3b0 [ 35.133707] ? free_netdev+0x1fd/0x450 [ 35.134378] __kasan_report+0x160/0x1c0 [ 35.135063] ? free_netdev+0x1fd/0x450 [ 35.135738] kasan_report+0x4b/0x70 [ 35.136367] free_netdev+0x1fd/0x450 [ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf] [ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf] [ 35.138751] local_pci_probe+0x13c/0x1f0 [ 35.139461] pci_device_probe+0x37e/0x6c0 [ 35.165526] [ 35.165806] Allocated by task 366: [ 35.166414] ____kasan_kmalloc+0xc4/0xf0 [ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf] [ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf] [ 35.168866] local_pci_probe+0x13c/0x1f0 [ 35.169565] pci_device_probe+0x37e/0x6c0 [ 35.179713] [ 35.179993] Freed by task 366: [ 35.180539] kasan_set_track+0x4c/0x80 [ 35.181211] kasan_set_free_info+0x1f/0x40 [ 35.181942] ____kasan_slab_free+0x103/0x140 [ 35.182703] kfree+0xe3/0x250 [ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf] [ 35.184040] local_pci_probe+0x13c/0x1f0

Weakness

The product calls free() twice on the same memory address.

Affected Software

NameVendorStart VersionEnd Version
Linux_kernelLinux2.6.30 (including)4.4.296 (excluding)
Linux_kernelLinux4.5 (including)4.9.294 (excluding)
Linux_kernelLinux4.10 (including)4.14.259 (excluding)
Linux_kernelLinux4.15 (including)4.19.222 (excluding)
Linux_kernelLinux4.20 (including)5.4.168 (excluding)
Linux_kernelLinux5.5 (including)5.10.88 (excluding)
Linux_kernelLinux5.11 (including)5.15.11 (excluding)
LinuxUbuntubionic*
LinuxUbuntuesm-infra-legacy/trusty*
LinuxUbuntuesm-infra/bionic*
LinuxUbuntuesm-infra/focal*
LinuxUbuntuesm-infra/xenial*
LinuxUbuntufocal*
LinuxUbuntutrusty*
LinuxUbuntutrusty/esm*
LinuxUbuntuupstream*
LinuxUbuntuxenial*
Linux-allwinner-5.19Ubuntujammy*
Linux-allwinner-5.19Ubuntuupstream*
Linux-awsUbuntubionic*
Linux-awsUbuntuesm-infra-legacy/trusty*
Linux-awsUbuntuesm-infra/bionic*
Linux-awsUbuntuesm-infra/focal*
Linux-awsUbuntuesm-infra/xenial*
Linux-awsUbuntufocal*
Linux-awsUbuntutrusty*
Linux-awsUbuntutrusty/esm*
Linux-awsUbuntuupstream*
Linux-awsUbuntuxenial*
Linux-aws-5.0Ubuntubionic*
Linux-aws-5.0Ubuntuesm-infra/bionic*
Linux-aws-5.0Ubuntuupstream*
Linux-aws-5.11Ubuntuesm-infra/focal*
Linux-aws-5.11Ubuntufocal*
Linux-aws-5.11Ubuntuupstream*
Linux-aws-5.13Ubuntuesm-infra/focal*
Linux-aws-5.13Ubuntufocal*
Linux-aws-5.13Ubuntuupstream*
Linux-aws-5.15Ubuntuupstream*
Linux-aws-5.19Ubuntujammy*
Linux-aws-5.19Ubuntuupstream*
Linux-aws-5.3Ubuntubionic*
Linux-aws-5.3Ubuntuesm-infra/bionic*
Linux-aws-5.3Ubuntuupstream*
Linux-aws-5.4Ubuntubionic*
Linux-aws-5.4Ubuntuesm-infra/bionic*
Linux-aws-5.4Ubuntuupstream*
Linux-aws-5.8Ubuntuesm-infra/focal*
Linux-aws-5.8Ubuntufocal*
Linux-aws-5.8Ubuntuupstream*
Linux-aws-6.14Ubuntuupstream*
Linux-aws-6.2Ubuntujammy*
Linux-aws-6.2Ubuntuupstream*
Linux-aws-6.5Ubuntuupstream*
Linux-aws-6.8Ubuntuupstream*
Linux-aws-fipsUbuntufips-updates/bionic*
Linux-aws-fipsUbuntufips-updates/focal*
Linux-aws-fipsUbuntufips/bionic*
Linux-aws-fipsUbuntufips/focal*
Linux-aws-fipsUbuntutrusty*
Linux-aws-fipsUbuntuupstream*
Linux-aws-fipsUbuntuxenial*
Linux-aws-hweUbuntuesm-infra/xenial*
Linux-aws-hweUbuntuupstream*
Linux-aws-hweUbuntuxenial*
Linux-azureUbuntubionic*
Linux-azureUbuntuesm-infra-legacy/trusty*
Linux-azureUbuntuesm-infra/bionic*
Linux-azureUbuntuesm-infra/focal*
Linux-azureUbuntuesm-infra/xenial*
Linux-azureUbuntufocal*
Linux-azureUbuntutrusty*
Linux-azureUbuntutrusty/esm*
Linux-azureUbuntuupstream*
Linux-azureUbuntuxenial*
Linux-azure-4.15Ubuntubionic*
Linux-azure-4.15Ubuntuesm-infra/bionic*
Linux-azure-4.15Ubuntuupstream*
Linux-azure-5.11Ubuntuesm-infra/focal*
Linux-azure-5.11Ubuntufocal*
Linux-azure-5.11Ubuntuupstream*
Linux-azure-5.13Ubuntuesm-infra/focal*
Linux-azure-5.13Ubuntufocal*
Linux-azure-5.13Ubuntuupstream*
Linux-azure-5.15Ubuntuupstream*
Linux-azure-5.19Ubuntujammy*
Linux-azure-5.19Ubuntuupstream*
Linux-azure-5.3Ubuntubionic*
Linux-azure-5.3Ubuntuesm-infra/bionic*
Linux-azure-5.3Ubuntuupstream*
Linux-azure-5.4Ubuntubionic*
Linux-azure-5.4Ubuntuesm-infra/bionic*
Linux-azure-5.4Ubuntuupstream*
Linux-azure-5.8Ubuntuesm-infra/focal*
Linux-azure-5.8Ubuntufocal*
Linux-azure-5.8Ubuntuupstream*
Linux-azure-6.11Ubuntuupstream*
Linux-azure-6.14Ubuntuupstream*
Linux-azure-6.2Ubuntujammy*
Linux-azure-6.2Ubuntuupstream*
Linux-azure-6.5Ubuntuupstream*
Linux-azure-6.8Ubuntuupstream*
Linux-azure-edgeUbuntubionic*
Linux-azure-edgeUbuntuesm-infra/bionic*
Linux-azure-edgeUbuntuupstream*
Linux-azure-fdeUbuntuesm-infra/focal*
Linux-azure-fdeUbuntufocal*
Linux-azure-fdeUbuntuupstream*
Linux-azure-fde-5.15Ubuntuupstream*
Linux-azure-fde-5.19Ubuntujammy*
Linux-azure-fde-5.19Ubuntuupstream*
Linux-azure-fde-6.14Ubuntuupstream*
Linux-azure-fde-6.2Ubuntujammy*
Linux-azure-fde-6.2Ubuntuupstream*
Linux-azure-fde-6.8Ubuntuupstream*
Linux-azure-fipsUbuntufips-updates/bionic*
Linux-azure-fipsUbuntufips-updates/focal*
Linux-azure-fipsUbuntufips/bionic*
Linux-azure-fipsUbuntufips/focal*
Linux-azure-fipsUbuntutrusty*
Linux-azure-fipsUbuntuupstream*
Linux-azure-fipsUbuntuxenial*
Linux-azure-nvidiaUbuntuupstream*
Linux-azure-nvidia-6.14Ubuntuupstream*
Linux-bluefieldUbuntuesm-infra/focal*
Linux-bluefieldUbuntufocal*
Linux-bluefieldUbuntuupstream*
Linux-fipsUbuntufips-updates/bionic*
Linux-fipsUbuntufips-updates/focal*
Linux-fipsUbuntufips-updates/xenial*
Linux-fipsUbuntufips/bionic*
Linux-fipsUbuntufips/focal*
Linux-fipsUbuntufips/xenial*
Linux-fipsUbuntuupstream*
Linux-gcpUbuntubionic*
Linux-gcpUbuntuesm-infra/bionic*
Linux-gcpUbuntuesm-infra/focal*
Linux-gcpUbuntuesm-infra/xenial*
Linux-gcpUbuntufocal*
Linux-gcpUbuntuupstream*
Linux-gcpUbuntuxenial*
Linux-gcp-4.15Ubuntubionic*
Linux-gcp-4.15Ubuntuesm-infra/bionic*
Linux-gcp-4.15Ubuntuupstream*
Linux-gcp-5.11Ubuntuesm-infra/focal*
Linux-gcp-5.11Ubuntufocal*
Linux-gcp-5.11Ubuntuupstream*
Linux-gcp-5.13Ubuntuesm-infra/focal*
Linux-gcp-5.13Ubuntufocal*
Linux-gcp-5.13Ubuntuupstream*
Linux-gcp-5.15Ubuntuupstream*
Linux-gcp-5.19Ubuntujammy*
Linux-gcp-5.19Ubuntuupstream*
Linux-gcp-5.3Ubuntubionic*
Linux-gcp-5.3Ubuntuesm-infra/bionic*
Linux-gcp-5.3Ubuntuupstream*
Linux-gcp-5.4Ubuntubionic*
Linux-gcp-5.4Ubuntuesm-infra/bionic*
Linux-gcp-5.4Ubuntuupstream*
Linux-gcp-5.8Ubuntuesm-infra/focal*
Linux-gcp-5.8Ubuntufocal*
Linux-gcp-5.8Ubuntuupstream*
Linux-gcp-6.11Ubuntuupstream*
Linux-gcp-6.14Ubuntuupstream*
Linux-gcp-6.2Ubuntujammy*
Linux-gcp-6.2Ubuntuupstream*
Linux-gcp-6.5Ubuntuupstream*
Linux-gcp-6.8Ubuntuupstream*
Linux-gcp-fipsUbuntufips-updates/bionic*
Linux-gcp-fipsUbuntufips-updates/focal*
Linux-gcp-fipsUbuntufips/bionic*
Linux-gcp-fipsUbuntufips/focal*
Linux-gcp-fipsUbuntutrusty*
Linux-gcp-fipsUbuntuupstream*
Linux-gcp-fipsUbuntuxenial*
Linux-gkeUbuntuesm-infra/focal*
Linux-gkeUbuntufocal*
Linux-gkeUbuntuupstream*
Linux-gkeUbuntuxenial*
Linux-gke-4.15Ubuntubionic*
Linux-gke-4.15Ubuntuesm-infra/bionic*
Linux-gke-4.15Ubuntuupstream*
Linux-gke-5.15Ubuntuesm-infra/focal*
Linux-gke-5.15Ubuntufocal*
Linux-gke-5.15Ubuntuupstream*
Linux-gke-5.4Ubuntubionic*
Linux-gke-5.4Ubuntuesm-infra/bionic*
Linux-gke-5.4Ubuntuupstream*
Linux-gkeopUbuntuesm-infra/focal*
Linux-gkeopUbuntufocal*
Linux-gkeopUbuntuupstream*
Linux-gkeop-5.15Ubuntuupstream*
Linux-gkeop-5.4Ubuntubionic*
Linux-gkeop-5.4Ubuntuesm-infra/bionic*
Linux-gkeop-5.4Ubuntuupstream*
Linux-hweUbuntubionic*
Linux-hweUbuntuesm-infra/bionic*
Linux-hweUbuntuesm-infra/xenial*
Linux-hweUbuntuupstream*
Linux-hweUbuntuxenial*
Linux-hwe-5.11Ubuntuesm-infra/focal*
Linux-hwe-5.11Ubuntufocal*
Linux-hwe-5.11Ubuntuupstream*
Linux-hwe-5.13Ubuntuesm-infra/focal*
Linux-hwe-5.13Ubuntufocal*
Linux-hwe-5.13Ubuntuupstream*
Linux-hwe-5.15Ubuntuupstream*
Linux-hwe-5.19Ubuntujammy*
Linux-hwe-5.19Ubuntuupstream*
Linux-hwe-5.4Ubuntubionic*
Linux-hwe-5.4Ubuntuesm-infra/bionic*
Linux-hwe-5.4Ubuntuupstream*
Linux-hwe-5.8Ubuntuesm-infra/focal*
Linux-hwe-5.8Ubuntufocal*
Linux-hwe-5.8Ubuntuupstream*
Linux-hwe-6.11Ubuntuupstream*
Linux-hwe-6.14Ubuntuupstream*
Linux-hwe-6.2Ubuntujammy*
Linux-hwe-6.2Ubuntuupstream*
Linux-hwe-6.5Ubuntuupstream*
Linux-hwe-6.8Ubuntuupstream*
Linux-hwe-edgeUbuntubionic*
Linux-hwe-edgeUbuntuesm-infra/bionic*
Linux-hwe-edgeUbuntuesm-infra/xenial*
Linux-hwe-edgeUbuntuupstream*
Linux-hwe-edgeUbuntuxenial*
Linux-ibmUbuntuesm-infra/focal*
Linux-ibmUbuntufocal*
Linux-ibmUbuntumantic*
Linux-ibmUbuntuupstream*
Linux-ibm-5.15Ubuntuupstream*
Linux-ibm-5.4Ubuntubionic*
Linux-ibm-5.4Ubuntuesm-infra/bionic*
Linux-ibm-5.4Ubuntuupstream*
Linux-ibm-6.8Ubuntuupstream*
Linux-intelUbuntuupstream*
Linux-intel-5.13Ubuntuesm-infra/focal*
Linux-intel-5.13Ubuntufocal*
Linux-intel-5.13Ubuntuupstream*
Linux-intel-iot-realtimeUbuntujammy*
Linux-intel-iot-realtimeUbuntuupstream*
Linux-intel-iotgUbuntuupstream*
Linux-intel-iotg-5.15Ubuntuupstream*
Linux-iotUbuntuupstream*
Linux-kvmUbuntubionic*
Linux-kvmUbuntuesm-infra/bionic*
Linux-kvmUbuntuesm-infra/focal*
Linux-kvmUbuntuesm-infra/xenial*
Linux-kvmUbuntufocal*
Linux-kvmUbuntuupstream*
Linux-kvmUbuntuxenial*
Linux-laptopUbuntuupstream*
Linux-lowlatencyUbuntuupstream*
Linux-lowlatency-hwe-5.15Ubuntuupstream*
Linux-lowlatency-hwe-5.19Ubuntujammy*
Linux-lowlatency-hwe-5.19Ubuntuupstream*
Linux-lowlatency-hwe-6.11Ubuntuupstream*
Linux-lowlatency-hwe-6.2Ubuntujammy*
Linux-lowlatency-hwe-6.2Ubuntuupstream*
Linux-lowlatency-hwe-6.5Ubuntuupstream*
Linux-lowlatency-hwe-6.8Ubuntuupstream*
Linux-lts-xenialUbuntuesm-infra-legacy/trusty*
Linux-lts-xenialUbuntutrusty*
Linux-lts-xenialUbuntutrusty/esm*
Linux-lts-xenialUbuntuupstream*
Linux-nvidiaUbuntuupstream*
Linux-nvidia-6.11Ubuntuupstream*
Linux-nvidia-6.2Ubuntujammy*
Linux-nvidia-6.2Ubuntuupstream*
Linux-nvidia-6.5Ubuntuupstream*
Linux-nvidia-6.8Ubuntuupstream*
Linux-nvidia-lowlatencyUbuntuupstream*
Linux-nvidia-tegraUbuntuupstream*
Linux-nvidia-tegra-5.15Ubuntuupstream*
Linux-nvidia-tegra-igxUbuntuupstream*
Linux-oemUbuntubionic*
Linux-oemUbuntuesm-infra/bionic*
Linux-oemUbuntuupstream*
Linux-oemUbuntuxenial*
Linux-oem-5.10Ubuntuesm-infra/focal*
Linux-oem-5.10Ubuntufocal*
Linux-oem-5.10Ubuntuupstream*
Linux-oem-5.13Ubuntuesm-infra/focal*
Linux-oem-5.13Ubuntufocal*
Linux-oem-5.13Ubuntuupstream*
Linux-oem-5.14Ubuntuesm-infra/focal*
Linux-oem-5.14Ubuntufocal*
Linux-oem-5.14Ubuntuupstream*
Linux-oem-5.17Ubuntujammy*
Linux-oem-5.17Ubuntuupstream*
Linux-oem-5.6Ubuntuesm-infra/focal*
Linux-oem-5.6Ubuntufocal*
Linux-oem-5.6Ubuntuupstream*
Linux-oem-6.0Ubuntujammy*
Linux-oem-6.0Ubuntuupstream*
Linux-oem-6.1Ubuntujammy*
Linux-oem-6.1Ubuntuupstream*
Linux-oem-6.11Ubuntuupstream*
Linux-oem-6.14Ubuntuupstream*
Linux-oem-6.17Ubuntuupstream*
Linux-oem-6.5Ubuntuupstream*
Linux-oem-6.8Ubuntuupstream*
Linux-oracleUbuntubionic*
Linux-oracleUbuntuesm-infra/bionic*
Linux-oracleUbuntuesm-infra/focal*
Linux-oracleUbuntuesm-infra/xenial*
Linux-oracleUbuntufocal*
Linux-oracleUbuntuupstream*
Linux-oracleUbuntuxenial*
Linux-oracle-5.0Ubuntubionic*
Linux-oracle-5.0Ubuntuesm-infra/bionic*
Linux-oracle-5.0Ubuntuupstream*
Linux-oracle-5.11Ubuntuesm-infra/focal*
Linux-oracle-5.11Ubuntufocal*
Linux-oracle-5.11Ubuntuupstream*
Linux-oracle-5.13Ubuntuesm-infra/focal*
Linux-oracle-5.13Ubuntufocal*
Linux-oracle-5.13Ubuntuupstream*
Linux-oracle-5.15Ubuntuupstream*
Linux-oracle-5.3Ubuntubionic*
Linux-oracle-5.3Ubuntuesm-infra/bionic*
Linux-oracle-5.3Ubuntuupstream*
Linux-oracle-5.4Ubuntubionic*
Linux-oracle-5.4Ubuntuesm-infra/bionic*
Linux-oracle-5.4Ubuntuupstream*
Linux-oracle-5.8Ubuntuesm-infra/focal*
Linux-oracle-5.8Ubuntufocal*
Linux-oracle-5.8Ubuntuupstream*
Linux-oracle-6.14Ubuntuupstream*
Linux-oracle-6.5Ubuntuupstream*
Linux-oracle-6.8Ubuntuupstream*
Linux-raspiUbuntuesm-infra/focal*
Linux-raspiUbuntufocal*
Linux-raspiUbuntuupstream*
Linux-raspi-5.4Ubuntubionic*
Linux-raspi-5.4Ubuntuesm-infra/bionic*
Linux-raspi-5.4Ubuntuupstream*
Linux-raspi-realtimeUbuntunoble*
Linux-raspi-realtimeUbuntuupstream*
Linux-raspi2Ubuntubionic*
Linux-raspi2Ubuntuesm-infra/focal*
Linux-raspi2Ubuntufocal*
Linux-raspi2Ubuntuupstream*
Linux-raspi2Ubuntuxenial*
Linux-realtimeUbuntujammy*
Linux-realtimeUbuntuupstream*
Linux-realtime-6.14Ubuntuupstream*
Linux-realtime-6.8Ubuntuupstream*
Linux-riscvUbuntuesm-infra/focal*
Linux-riscvUbuntufocal*
Linux-riscvUbuntujammy*
Linux-riscvUbuntuupstream*
Linux-riscv-5.11Ubuntuesm-infra/focal*
Linux-riscv-5.11Ubuntufocal*
Linux-riscv-5.11Ubuntuupstream*
Linux-riscv-5.15Ubuntuupstream*
Linux-riscv-5.19Ubuntujammy*
Linux-riscv-5.19Ubuntuupstream*
Linux-riscv-5.8Ubuntuesm-infra/focal*
Linux-riscv-5.8Ubuntufocal*
Linux-riscv-5.8Ubuntuupstream*
Linux-riscv-6.14Ubuntuupstream*
Linux-riscv-6.5Ubuntuupstream*
Linux-riscv-6.8Ubuntuupstream*
Linux-starfiveUbuntuupstream*
Linux-starfive-5.19Ubuntujammy*
Linux-starfive-5.19Ubuntuupstream*
Linux-starfive-6.2Ubuntujammy*
Linux-starfive-6.2Ubuntuupstream*
Linux-starfive-6.5Ubuntuupstream*
Linux-xilinxUbuntuupstream*
Linux-xilinx-zynqmpUbuntuupstream*

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use