VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-c8ep-xe3a-wycj

Essentials
Severities (8)
References (15)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-c8ep-xe3a-wycj
Aliases	CVE-2021-3348
Summary	nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
Status	Published
Exploitability	0.5
Weighted Severity	6.3
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416	Use After Free

System	Score	Found at
cvssv3	7.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3348.json
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2021-3348
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2021-3348
cvssv3.1	5.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	Medium	https://security.archlinux.org/AVG-1512
archlinux	Medium	https://security.archlinux.org/AVG-1513
archlinux	Medium	https://security.archlinux.org/AVG-1514
archlinux	Medium	https://security.archlinux.org/AVG-1515

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3348.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-3348
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3348
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1921958		https://bugzilla.redhat.com/show_bug.cgi?id=1921958
AVG-1512		https://security.archlinux.org/AVG-1512
AVG-1513		https://security.archlinux.org/AVG-1513
AVG-1514		https://security.archlinux.org/AVG-1514
AVG-1515		https://security.archlinux.org/AVG-1515
RHSA-2021:4140		https://access.redhat.com/errata/RHSA-2021:4140
RHSA-2021:4356		https://access.redhat.com/errata/RHSA-2021:4356
USN-4884-1		https://usn.ubuntu.com/4884-1/
USN-4907-1		https://usn.ubuntu.com/4907-1/
USN-4909-1		https://usn.ubuntu.com/4909-1/
USN-4910-1		https://usn.ubuntu.com/4910-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3348.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.26394
EPSS Score	0.00095
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:43:34.215467+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0