[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-47106":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":34,"related":35,"reserved_at":9,"published_at":39,"modified_at":40,"state":41,"summary":42,"references_raw":51,"kevs":62,"epss":63,"epss_history":66,"metrics":318,"affected":324},"CVE-2021-47106","In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()\n\nWe need to use list_for_each_entry_safe() iterator\nbecause we can not access @catchall after kfree_rcu() call.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\nRead of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871\n\nCPU: 1 PID: 8871 Comm: syz-executor.3 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003CTASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x2ed mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\n nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\n nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\n __nft_release_table+0x79f/0xcd0 net/netfilter/nf_tables_api.c:9626\n nft_rcv_nl_event+0x4f8/0x670 net/netfilter/nf_tables_api.c:9688\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:83\n blocking_notifier_call_chain kernel/notifier.c:318 [inline]\n blocking_notifier_call_chain+0x67/0x90 kernel/notifier.c:306\n netlink_release+0xcb6/0x1dd0 net/netlink/af_netlink.c:788\n __sock_release+0xcd/0x280 net/socket.c:649\n sock_close+0x18/0x20 net/socket.c:1314\n __fput+0x286/0x9f0 fs/file_table.c:280\n task_work_run+0xdd/0x1a0 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:175 [inline]\n exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207\n __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]\n syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300\n do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f75fbf28adb\nCode: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003C48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44\nRSP: 002b:00007ffd8da7ec10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f75fbf28adb\nRDX: 00007f75fc08e828 RSI: ffffffffffffffff RDI: 0000000000000003\nRBP: 00007f75fc08a960 R08: 0000000000000000 R09: 00007f75fc08e830\nR10: 00007ffd8da7ed10 R11: 0000000000000293 R12: 00000000002067c3\nR13: 00007ffd8da7ed10 R14: 00007f75fc088f60 R15: 0000000000000032\n \u003C/TASK>\n\nAllocated by task 8886:\n kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n ____kasan_kmalloc mm/kasan/common.c:513 [inline]\n ____kasan_kmalloc mm/kasan/common.c:472 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:522\n kasan_kmalloc include/linux/kasan.h:269 [inline]\n kmem_cache_alloc_trace+0x1ea/0x4a0 mm/slab.c:3575\n kmalloc include/linux/slab.h:590 [inline]\n nft_setelem_catchall_insert net/netfilter/nf_tables_api.c:5544 [inline]\n nft_setelem_insert net/netfilter/nf_tables_api.c:5562 [inline]\n nft_add_set_elem+0x232e/0x2f40 net/netfilter/nf_tables_api.c:5936\n nf_tables_newsetelem+0x6ff/0xbb0 net/netfilter/nf_tables_api.c:6032\n nfnetlink_rcv_batch+0x1710/0x25f0 net/netfilter/nfnetlink.c:513\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:652\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32],{"_key":25},"UBUNTU-CVE-2021-47106",{"_key":27},"SUSE-SU-2024:3190-1",{"_key":29},"SUSE-SU-2024:3209-1",{"_key":31},"SUSE-SU-2024:3483-1",{"_key":33},"DEBIAN-CVE-2021-47106",[],[36,37,38],{"_key":27},{"_key":29},{"_key":31},"2024-03-04T18:15:20.190Z","2026-05-11T13:48:10.835Z","Analyzed",{"cisa_kev":43,"cisa_ransomware":43,"cisa_vendor":9,"epss_severity":44,"epss_score":45,"severity":46,"severity_score":47,"severity_version":48,"severity_source":49,"severity_vector":50,"severity_status":41},false,"low",0.00015,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[52,58],{"url":53,"sources":54,"tags":56},"https://git.kernel.org/stable/c/9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a",[55,49],"cve.org",[57],"Patch",{"url":59,"sources":60,"tags":61},"https://git.kernel.org/stable/c/0f7d9b31ce7abdbb29bf018131ac920c9f698518",[55,49],[57],[],{"date":64,"score":45,"percentile":65},"2026-06-03",0.03235,[67,71,74,77,80,83,85,88,91,94,97,100,103,106,109,113,116,119,122,125,128,131,134,137,139,142,144,146,149,152,155,158,161,164,167,169,172,175,177,180,183,186,189,192,195,197,200,203,206,209,211,214,217,220,223,226,229,232,235,238,241,243,246,249,251,254,257,260,263,266,268,271,273,275,278,281,283,286,288,291,293,296,298,300,302,304,307,309,312,315],{"date":68,"score":69,"percentile":70},"2025-11-04",0.00012,0.01197,{"date":72,"score":69,"percentile":73},"2025-11-05",0.01216,{"date":75,"score":69,"percentile":76},"2025-11-06",0.01227,{"date":78,"score":69,"percentile":79},"2025-11-07",0.0123,{"date":81,"score":45,"percentile":82},"2025-11-08",0.02128,{"date":84,"score":45,"percentile":82},"2025-11-09",{"date":86,"score":45,"percentile":87},"2025-11-10",0.02112,{"date":89,"score":45,"percentile":90},"2025-11-11",0.02129,{"date":92,"score":45,"percentile":93},"2025-11-12",0.02138,{"date":95,"score":45,"percentile":96},"2025-11-13",0.02165,{"date":98,"score":45,"percentile":99},"2025-11-14",0.02177,{"date":101,"score":45,"percentile":102},"2025-11-15",0.02199,{"date":104,"score":45,"percentile":105},"2025-11-16",0.02201,{"date":107,"score":45,"percentile":108},"2025-11-17",0.02187,{"date":110,"score":111,"percentile":112},"2025-11-18",0.0008,0.19869,{"date":114,"score":111,"percentile":115},"2025-11-19",0.19888,{"date":117,"score":111,"percentile":118},"2025-11-20",0.19861,{"date":120,"score":45,"percentile":121},"2025-11-21",0.02249,{"date":123,"score":45,"percentile":124},"2025-11-22",0.02251,{"date":126,"score":45,"percentile":127},"2025-11-23",0.02246,{"date":129,"score":45,"percentile":130},"2025-11-24",0.02233,{"date":132,"score":45,"percentile":133},"2025-11-25",0.02221,{"date":135,"score":45,"percentile":136},"2025-11-26",0.02198,{"date":138,"score":45,"percentile":136},"2025-11-27",{"date":140,"score":45,"percentile":141},"2025-11-28",0.02197,{"date":143,"score":45,"percentile":127},"2025-11-29",{"date":145,"score":45,"percentile":121},"2025-11-30",{"date":147,"score":45,"percentile":148},"2025-12-01",0.02299,{"date":150,"score":45,"percentile":151},"2025-12-02",0.02293,{"date":153,"score":45,"percentile":154},"2025-12-03",0.02297,{"date":156,"score":45,"percentile":157},"2025-12-04",0.02243,{"date":159,"score":45,"percentile":160},"2025-12-05",0.02259,{"date":162,"score":45,"percentile":163},"2025-12-06",0.02265,{"date":165,"score":45,"percentile":166},"2025-12-07",0.02268,{"date":168,"score":45,"percentile":166},"2025-12-08",{"date":170,"score":45,"percentile":171},"2025-12-09",0.02287,{"date":173,"score":45,"percentile":174},"2025-12-10",0.02315,{"date":176,"score":45,"percentile":174},"2025-12-11",{"date":178,"score":45,"percentile":179},"2025-12-12",0.02325,{"date":181,"score":45,"percentile":182},"2025-12-13",0.02308,{"date":184,"score":45,"percentile":185},"2025-12-14",0.02314,{"date":187,"score":45,"percentile":188},"2025-12-15",0.02305,{"date":190,"score":45,"percentile":191},"2025-12-16",0.02295,{"date":193,"score":45,"percentile":194},"2025-12-17",0.02312,{"date":196,"score":45,"percentile":174},"2025-12-18",{"date":198,"score":45,"percentile":199},"2025-12-19",0.0232,{"date":201,"score":45,"percentile":202},"2025-12-20",0.02322,{"date":204,"score":45,"percentile":205},"2025-12-21",0.02331,{"date":207,"score":45,"percentile":208},"2025-12-22",0.02329,{"date":210,"score":45,"percentile":205},"2025-12-23",{"date":212,"score":45,"percentile":213},"2025-12-24",0.02344,{"date":215,"score":45,"percentile":216},"2025-12-25",0.02351,{"date":218,"score":45,"percentile":219},"2025-12-26",0.02354,{"date":221,"score":45,"percentile":222},"2025-12-27",0.02338,{"date":224,"score":45,"percentile":225},"2025-12-28",0.02353,{"date":227,"score":45,"percentile":228},"2025-12-29",0.02342,{"date":230,"score":45,"percentile":231},"2025-12-30",0.02337,{"date":233,"score":45,"percentile":234},"2025-12-31",0.02326,{"date":236,"score":45,"percentile":237},"2026-01-01",0.0238,{"date":239,"score":45,"percentile":240},"2026-01-02",0.02381,{"date":242,"score":45,"percentile":237},"2026-01-03",{"date":244,"score":45,"percentile":245},"2026-01-04",0.02316,{"date":247,"score":45,"percentile":248},"2026-01-05",0.02321,{"date":250,"score":45,"percentile":182},"2026-01-06",{"date":252,"score":45,"percentile":253},"2026-01-07",0.02324,{"date":255,"score":45,"percentile":256},"2026-01-08",0.02348,{"date":258,"score":45,"percentile":259},"2026-01-09",0.02362,{"date":261,"score":45,"percentile":262},"2026-01-10",0.02369,{"date":264,"score":45,"percentile":265},"2026-01-11",0.02352,{"date":267,"score":45,"percentile":208},"2026-01-12",{"date":269,"score":45,"percentile":270},"2026-01-13",0.02318,{"date":272,"score":45,"percentile":202},"2026-01-14",{"date":274,"score":45,"percentile":245},"2026-01-15",{"date":276,"score":45,"percentile":277},"2026-01-16",0.0231,{"date":279,"score":45,"percentile":280},"2026-01-17",0.02313,{"date":282,"score":45,"percentile":202},"2026-01-18",{"date":284,"score":45,"percentile":285},"2026-01-19",0.02309,{"date":287,"score":45,"percentile":154},"2026-01-20",{"date":289,"score":45,"percentile":290},"2026-01-21",0.02291,{"date":292,"score":45,"percentile":290},"2026-01-22",{"date":294,"score":45,"percentile":295},"2026-01-23",0.02301,{"date":297,"score":45,"percentile":248},"2026-01-24",{"date":299,"score":45,"percentile":185},"2026-01-25",{"date":301,"score":45,"percentile":285},"2026-01-26",{"date":303,"score":45,"percentile":280},"2026-01-27",{"date":305,"score":45,"percentile":306},"2026-01-28",0.02317,{"date":308,"score":45,"percentile":222},"2026-01-29",{"date":310,"score":45,"percentile":311},"2026-01-30",0.02345,{"date":313,"score":45,"percentile":314},"2026-01-31",0.02364,{"date":316,"score":45,"percentile":317},"2026-02-01",0.02413,[319],{"source":49,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":320,"cvss_v4_0":9},{"baseScore":47,"baseSeverity":321,"vectorString":50,"impactScore":322,"exploitabilityScore":323},"HIGH",9.8,4.6,[325,342],{"ecosystem":9,"name":326,"vendor":327,"product":327,"cpe_part":328,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":329},"Linux","linux","a",[330,337,340],{"version":331,"is_range":332,"range_type":55,"version_start":333,"version_start_type":334,"version_end":335,"version_end_type":336,"fixed_in":9},">= aaa31047a6d25da0fa101da1ed544e1247949b40, \u003C 9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a",true,"aaa31047a6d25da0fa101da1ed544e1247949b40","including","9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a","excluding",{"version":338,"is_range":332,"range_type":55,"version_start":333,"version_start_type":334,"version_end":339,"version_end_type":336,"fixed_in":9},">= aaa31047a6d25da0fa101da1ed544e1247949b40, \u003C 0f7d9b31ce7abdbb29bf018131ac920c9f698518","0f7d9b31ce7abdbb29bf018131ac920c9f698518",{"version":341,"is_range":43,"range_type":55,"version_start":341,"version_start_type":334,"version_end":341,"version_end_type":334,"fixed_in":9},"5.13",{"ecosystem":9,"name":343,"vendor":327,"product":344,"cpe_part":345,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":346},"linux kernel","linux_kernel","o",[347,351,353,355,357,359,361],{"version":348,"is_range":332,"range_type":349,"version_start":341,"version_start_type":334,"version_end":350,"version_end_type":336,"fixed_in":9},"gte5.13_lt5.15.12","cpe","5.15.12",{"version":352,"is_range":43,"range_type":349,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.16:rc1",{"version":354,"is_range":43,"range_type":349,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.16:rc2",{"version":356,"is_range":43,"range_type":349,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.16:rc3",{"version":358,"is_range":43,"range_type":349,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.16:rc4",{"version":360,"is_range":43,"range_type":349,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.16:rc5",{"version":362,"is_range":43,"range_type":349,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.16:rc6"]