Message-ID: <2024052143-CVE-2021-47248-2609@gregkh>
Date: Tue, 21 May 2024 16:20:02 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Kaustubh Pandey <kapandey@...eaurora.org>
Subject: CVE-2021-47248: udp: fix race between close() and udp_abort()

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

udp: fix race between close() and udp_abort()

Kaustubh reported and diagnosed a panic in udp_lib_lookup().
The root cause is udp_abort() racing with close(). Both
racing functions acquire the socket lock, but udp{v6}_destroy_sock()
releases it before performing destructive actions.

We can't easily extend the socket lock scope to avoid the race;
instead, use the SOCK_DEAD flag to prevent udp_abort from doing
any action when the critical race happens.

Diagnosed-and-tested-by: Kaustubh Pandey <kapandey@...eaurora.org>

The Linux kernel CVE team has assigned CVE-2021-47248 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 4.9.274 with commit e3c36c773aed
	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 4.14.238 with commit a0882f68f54f
	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 4.19.196 with commit 2f73448041bd
	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 5.4.128 with commit 5a88477c1c85
	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 5.10.46 with commit 8729ec8a2238
	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 5.12.13 with commit 65310b0aff86
	Issue introduced in 4.9 with commit 5d77dca82839 and fixed in 5.13 with commit a8b897c7bcd4

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47248
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/ipv4/udp.c
	net/ipv6/udp.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/e3c36c773aed0fef8b1d3d555b43393ec564400f
	https://git.kernel.org/stable/c/a0882f68f54f7a8b6308261acee9bd4faab5a69e
	https://git.kernel.org/stable/c/2f73448041bd0682d4b552cfd314ace66107f1ad
	https://git.kernel.org/stable/c/5a88477c1c85e4baa51e91f2d40f2166235daa56
	https://git.kernel.org/stable/c/8729ec8a2238152a4afc212a331a6cd2c61aeeac
	https://git.kernel.org/stable/c/65310b0aff86980a011c7c7bfa487a333d4ca241
	https://git.kernel.org/stable/c/a8b897c7bcd47f4147d066e22cc01d1026d7640e
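
The "Affected and fixed versions" list above can be turned into a triage check for a `uname -r` string. This is an added example, not part of the announcement or of kernel tooling; the function name `triage` and its state labels are made up here. It assumes upstream kernel.org version numbering, so a distribution kernel that backports the fix without changing its version number will be misreported as affected.

```python
import platform
import re

# First fixed patch level per stable branch, copied from the advisory's list.
FIXED = {(4, 9): 274, (4, 14): 238, (4, 19): 196,
         (5, 4): 128, (5, 10): 46, (5, 12): 13}
INTRODUCED = (4, 9)       # "Issue introduced in 4.9"
FIXED_MAINLINE = (5, 13)  # "fixed in 5.13"


def triage(release):
    """Classify a `uname -r` string; returns (state, note)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch < INTRODUCED:
        return "not-affected", "older than 4.9, where the issue was introduced"
    if branch == FIXED_MAINLINE and "-rc" in release:
        # A 5.13 release candidate may predate the fix; the number cannot tell.
        return "unknown", "5.13 pre-release: check for commit a8b897c7bcd4"
    if branch >= FIXED_MAINLINE:
        return "fixed", "5.13 or later"
    if branch not in FIXED:
        # Branches between 4.9 and 5.13 with no fixed release in the list.
        return "affected", "no fixed release listed for this branch"
    first_fixed = f"{branch[0]}.{branch[1]}.{FIXED[branch]}"
    if patch >= FIXED[branch]:
        return "fixed", f"at or above {first_fixed}"
    return "affected", f"update to {first_fixed} or later"


if __name__ == "__main__":
    # Constructed sample releases, followed by the running kernel.
    for rel in ["4.4.302", "4.9.273", "5.10.46", "5.11.22", "5.13.0-rc3",
                platform.release()]:
        print(rel, *triage(rel))
```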
