{"id":"CVE-2021-4028","details":"A flaw in the Linux kernel's implementation of the RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after it was freed. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.","modified":"2026-03-14T14:52:38.440015Z","published":"2022-08-24T16:15:09.197Z","related":["ALSA-2022:1550","SUSE-SU-2022:0257-1","SUSE-SU-2022:0270-1","SUSE-SU-2022:0293-1","SUSE-SU-2022:0295-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221228-0002/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-4028"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2027201"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74"},{"type":"FIX","url":"https://lkml.org/lkml/2021/10/4/697"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4028.json","unresolved_ranges":[{"events":[{"introduced":"5.10"},{"fixed":"5.10.71"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.14.10"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}