{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "5.5" }, { "fixed": "5.10.43" } ] }, { "events": [ { "introduced": "5.11" }, { "fixed": "5.12.10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.13-rc1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.13-rc2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.13-rc3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.13-rc4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.13-rc5" } ] } ] } } ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netback: take a reference to the RX task thread\n\nDo this in order to prevent the task from being freed if the thread\nreturns (which can be triggered by the frontend) before the call to\nkthread_stop done as part of the backend tear down. Not taking the\nreference will lead to a use-after-free in that scenario. Such\nreference was taken before but dropped as part of the rework done in\n2ac061ce97f4.\n\nReintroduce the reference taking and add a comment this time\nexplaining why it's needed.\n\nThis is XSA-374 / CVE-2021-28691.", "id": "CVE-2021-47111", "modified": "2026-03-15T21:46:44.575621970Z", "published": "2024-03-15T21:15:06.577Z", "references": [ { "type": "FIX", "url": "https://git.kernel.org/stable/c/107866a8eb0b664675a260f1ba0655010fac1e08" }, { "type": "FIX", "url": "https://git.kernel.org/stable/c/6b53db8c4c14b4e7256f058d202908b54a7b85b4" }, { "type": "FIX", "url": "https://git.kernel.org/stable/c/caec9bcaeb1a5f03f2d406305355c853af10c13e" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }