IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2021-47111

Description

In the Linux kernel, the following vulnerability has been resolved:

xen-netback: take a reference to the RX task thread

Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend tear down. Not taking the reference will lead to a use-after-free in that scenario. Such reference was taken before but dropped as part of the rework done in 2ac061ce97f4.

Reintroduce the reference taking and add a comment this time explaining why it's needed.

This is XSA-374 / CVE-2021-28691.

POC

Reference

No PoCs from references.

Github

- https://github.com/NaInSec/CVE-LIST