{"id":"CVE-2021-33033","details":"The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.","modified":"2026-03-13T04:54:52.488634Z","published":"2021-05-14T23:15:09.780Z","related":["SUSE-SU-2021:14849-1","SUSE-SU-2021:3641-1","SUSE-SU-2021:3642-1","SUSE-SU-2021:3675-1","SUSE-SU-2021:3723-1","SUSE-SU-2021:3748-1","SUSE-SU-2021:3876-1","SUSE-SU-2021:3929-1","SUSE-SU-2021:3935-1","SUSE-SU-2021:3969-1","openSUSE-SU-2021:1477-1","openSUSE-SU-2021:3641-1","openSUSE-SU-2021:3675-1","openSUSE-SU-2021:3876-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7"},{"type":"EVIDENCE","url":"https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt"},{"type":"EVIDENCE","url":"https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.11.14"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33033.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}