UBUNTU-CVE-2021-41073

Advisory lineage Upstream: 1 Downstream: 4

Upstream

CVE-2021-41073

Downstream

USN-5092-1 USN-5092-2 USN-5096-1 USN-5106-1

Published: 19 Sept 2021, 17:15

Last modified:04 Feb 2026, 02:15

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Sept 2021, 17:15

Published

Vulnerability first disclosed

04 Feb 2026, 02:15

Last Modified

Vulnerability information updated

Description

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

ubuntu•linux-aws-5.0
all
ubuntu•linux-aws-5.11
< 5.11.0-1019.20~20.04.1
ubuntu•linux-aws-5.3
all
ubuntu•linux-aws-5.8
all
ubuntu•linux-azure
all
ubuntu•linux-azure-5.11
< 5.11.0-1017.18~20.04.1
ubuntu•linux-azure-5.3
all
ubuntu•linux-azure-edge
all
ubuntu•linux-gcp
all
ubuntu•linux-gcp-5.11
< 5.11.0-1020.22~20.04.1
ubuntu•linux-gcp-5.3
all
ubuntu•linux-gcp-5.8
all
ubuntu•linux-gcp-edge
all
ubuntu•linux-gke-4.15
all
ubuntu•linux-hwe
all
ubuntu•linux-hwe-5.11
< 5.11.0-37.41~20.04.2
ubuntu•linux-hwe-edge
all | all
ubuntu•linux-intel-5.13
all
ubuntu•linux-oem
all
ubuntu•linux-oem-5.10
< 5.10.0-1049.51
ubuntu•linux-oem-5.13
< 5.13.0-1014.18
ubuntu•linux-oem-5.6
all
ubuntu•linux-oracle-5.0
all
ubuntu•linux-oracle-5.11
< 5.11.0-1019.20~20.04.1
ubuntu•linux-oracle-5.3
all
ubuntu•linux-oracle-5.8
all
ubuntu•linux-raspi2
all
ubuntu•linux-riscv
all
ubuntu•linux-riscv-5.11
< 5.11.0-1020.21~20.04.1
ubuntu•linux-riscv-5.8
all