CVE-2021-3348

Public on 2021-02-16
Modified on 2021-02-19
Description
A use after free flaw in the Linux kernel network block device (NBD) subsystem was found in the way user calls an ioctl NBD_SET_SOCK at a certain point during device setup.
Severity
Medium
CVSS v3 Base Score
7.0
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 kernel 2021-02-17 18:07 ALAS2-2021-1600
Amazon Linux 1 kernel 2021-02-16 00:13 ALAS-2021-1480

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H