| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052432-CVE-2021-47518-632d@gregkh> Date: Fri, 24 May 2024 17:09:38 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47518: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done Description =========== In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()). The Linux kernel CVE team has assigned CVE-2021-47518 to this issue. Affected and fixed versions =========================== Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 4.4.295 with commit 87cdb8789c38 Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 4.9.293 with commit 69bb79a8f5bb Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 4.14.258 with commit 811a75767477 Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 4.19.221 with commit 3b861a40325e Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 5.4.165 with commit 48fcd08fdbe0 Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 5.10.85 with commit 83ea620a1be8 Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 5.15.8 with commit fae9705d2810 Issue introduced in 3.12 with commit ac22ac466a65 and fixed in 5.16 with commit 4cd8371a234d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47518 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/nfc/netlink.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18 https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10
Powered by blists - more mailing lists