CVE-2021-41073
7.8 HIGHloop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BU...
Published: 2021-09-19 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-763
Affected products
| Vendor | Product |
|---|---|
| debian | cloud_backup, debian_linux, fedora |
| fedoraproject | cloud_backup, debian_linux, fedora |
| linux | cloud_backup, debian_linux, fedora |
| netapp | cloud_backup, debian_linux, fedora |
Description
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41073
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2022/06/04/4
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/
- [Other]https://security.netapp.com/advisory/ntap-20211014-0003/
- [Other]https://www.debian.org/security/2021/dsa-4978
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2021/09/18/2
- [Other]http://www.openwall.com/lists/oss-security/2022/06/04/4
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/
- [Other]https://security.netapp.com/advisory/ntap-20211014-0003/
- [Other]https://www.debian.org/security/2021/dsa-4978
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
Same CWE
- CVE-2026-9516 — Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws (7.5 HIGH)
- CVE-2026-47312 — Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation (5.5 MEDIUM)
- CVE-2021-3682 — A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2 (8.5 HIGH)
- CVE-2020-28941 — An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9 (5.5 MEDIUM)