{"id":"CVE-2021-28691","details":"Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.","modified":"2026-04-16T04:42:09.877613068Z","published":"2021-06-29T12:15:08.543Z","references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-30"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210805-0002/"},{"type":"ADVISORY","url":"https://xenbits.xenproject.org/xsa/advisory-374.txt"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28691.json","unresolved_ranges":[{"events":[{"introduced":"5.5.0"},{"fixed":"5.12.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}