{"id":"CVE-2021-28691","details":"Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.","modified":"2026-03-13T01:58:46.163010Z","published":"2021-06-29T12:15:08.543Z","related":["MGASA-2021-0257","MGASA-2021-0258"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-30"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210805-0002/"},{"type":"ADVISORY","url":"https://xenbits.xenproject.org/xsa/advisory-374.txt"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.5.0"},{"fixed":"5.12.2"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28691.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}