CVE-2021-41073

Public on 2021-09-19

Modified on 2022-01-10

Description

A flaw was found in loop_rw_iter in fs/io_uring.c in the Linux kernel. This problem gives the ability to a local user with a normal user privilege to free a user-defined kernel space buffer.

Severity

Important

See what this means

CVSS v3 Base Score

7.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 2 - Kernel-5.10 Extra	kernel	2022-01-28	ALAS2KERNEL-5.10-2022-006	Fixed
Amazon Linux 2 - Livepatch Extra	kernel-livepatch-5.10.50-44.131	2021-11-12	ALAS2LIVEPATCH-2021-065	Fixed
Amazon Linux 2 - Livepatch Extra	kernel-livepatch-5.10.50-44.132	2021-11-12	ALAS2LIVEPATCH-2021-066	Fixed
Amazon Linux 2 - Livepatch Extra	kernel-livepatch-5.10.59-52.142	2021-11-12	ALAS2LIVEPATCH-2021-067	Fixed
Amazon Linux 2 - Livepatch Extra	kernel-livepatch-5.10.62-55.141	2021-11-12	ALAS2LIVEPATCH-2021-068	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.8	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2021-41073 Mitre: CVE-2021-41073