CVE-2021-4028

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-4028
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-08-24 16:15:00 UTC
Updated2023-02-10 16:18:00 UTC
DescriptionA flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All
Operating System Suse Linux Enterprise 15.0 sp3 All All
Operating System Suse Linux Enterprise 15.0 sp4 All All

References

ReferenceSourceLinkTags
LKML: Greg Kroah-Hartman: [PATCH 5.10 22/93] RDMA/cma: Do not change route.addr.src_addr.ss_family MISC lkml.org
CVE-2021-4028 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
kernel/git/torvalds/linux.git - Linux kernel source tree MISC git.kernel.org
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
2027201 – (CVE-2021-4028) CVE-2021-4028 kernel: use-after-free in RDMA listen() MISC bugzilla.redhat.com
Bug 1193167 – VUL-0: CVE-2021-4028: kernel-source,kernel-source-rt,kernel-source-azure: kernel: use-after-free in RDMA listen() MISC bugzilla.suse.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159740 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1198)
  • 159766 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1550)
  • 180126 Debian Security Update for linux (CVE-2021-4028)
  • 240094 Red Hat Update for kpatch-patch (RHSA-2022:0590)
  • 240100 Red Hat Update for kernel (RHSA-2022:0636)
  • 240101 Red Hat Update for kernel-rt (RHSA-2022:0629)
  • 240120 Red Hat Update for kpatch-patch (RHSA-2022:0772)
  • 240121 Red Hat Update for kernel-rt (RHSA-2022:0771)
  • 240122 Red Hat Update for kernel security (RHSA-2022:0777)
  • 240195 Red Hat Update for kpatch-patch (RHSA-2022:1185)
  • 240199 Red Hat Update for kernel security (RHSA-2022:1198)
  • 240200 Red Hat Update for kernel-rt (RHSA-2022:1199)
  • 240237 Red Hat Update for kpatch-patch (RHSA-2022:1535)
  • 240243 Red Hat Update for kernel-rt (RHSA-2022:1555)
  • 240249 Red Hat Update for kernel (RHSA-2022:1550)
  • 240418 Red Hat Update for kpatch-patch (RHSA-2022:0851)
  • 240440 Red Hat Update for kernel (RHSA-2022:1324)
  • 753118 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (SUSE-SU-2022:0295-1)
  • 753292 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:0293-1)
  • 753385 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) (SUSE-SU-2022:0257-1)
  • 753423 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (SUSE-SU-2022:0270-1)
  • 940484 AlmaLinux Security Update for kernel (ALSA-2022:1550)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report