{"id":"CVE-2021-29266","details":"An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v-\u003econfig_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.","modified":"2026-03-13T01:59:25.391844Z","published":"2021-03-26T22:15:13.147Z","related":["MGASA-2021-0174","MGASA-2021-0175"],"references":[{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210513-0005/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.8"},{"fixed":"5.10.26"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.11.9"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29266.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}