Context Switching Race Condition

CVE-2021-21941

High

9/10

Summary

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-368 - Context Switching Race Condition

A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch.

References

Advisory Timeline

Published Oct 12, 2021

Context Switching Race Condition

CVE-2021-21941

Summary

CWE-368 - Context Switching Race Condition

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS