| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024022827-CVE-2021-46998-eda2@gregkh> Date: Wed, 28 Feb 2024 09:14:48 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: gregkh@...nel.org Subject: CVE-2021-46998: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit From: gregkh@...nel.org Description =========== In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside enic_queue_wq_skb, if some error happens, the skb will be freed by dev_kfree_skb(skb). But the freed skb is still used in skb_tx_timestamp(skb). My patch makes enic_queue_wq_skb() return error and goto spin_unlock() incase of error. The solution is provided by Govind. See https://lkml.org/lkml/2021/4/30/961. The Linux kernel CVE team has assigned CVE-2021-46998 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit fb7516d42478e and fixed in 4.19.191 with commit 25a87b1f566b Issue introduced in 4.16 with commit fb7516d42478e and fixed in 5.4.120 with commit f7f6f0777409 Issue introduced in 4.16 with commit fb7516d42478e and fixed in 5.10.38 with commit 7afdd6aba95c Issue introduced in 4.16 with commit fb7516d42478e and fixed in 5.11.22 with commit 6892396ebf04 Issue introduced in 4.16 with commit fb7516d42478e and fixed in 5.12.5 with commit d90529392aaf Issue introduced in 4.16 with commit fb7516d42478e and fixed in 5.13 with commit 643001b47adc Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-46998 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/cisco/enic/enic_main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/25a87b1f566b5eb2af2857a928f0e2310d900976 https://git.kernel.org/stable/c/f7f6f07774091a6ddd98500b85386c3c6afb30d3 https://git.kernel.org/stable/c/7afdd6aba95c8a526038e7abe283eeac3e4320f1 https://git.kernel.org/stable/c/6892396ebf04ea2c021d80e10f4075e014cd7cc3 https://git.kernel.org/stable/c/d90529392aaf498dafa95d212295d64b2cea4e24 https://git.kernel.org/stable/c/643001b47adc844ae33510c4bb93c236667008a3
Powered by blists - more mailing lists