You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default.
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
Title: kernel de Linux
Description: En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hamradio: diferir ax25 kfree después de unregister_netdev Existe una posible condición de ejecución (use-after-free) como la siguiente (USE) | (GRATIS) ax25_sendmsg | ax25_queue_xmit | dev_queue_xmit | __dev_queue_xmit | __dev_xmit_skb | sch_direct_xmit | ... xmit_one | netdev_start_xmit | tty_ldisc_kill __netdev_start_xmit | mkiss_close ax_xmit | kfree ax_encaps | | Aunque hay dos primitivas de sincronización antes de kfree: 1. wait_for_completion(&ax->dead). Esto puede evitar la ejecución con rutinas de mkiss_ioctl. Sin embargo, no puede detener la rutina que proviene de la capa superior, es decir, ax25_sendmsg. 2. netif_stop_queue(ax->dev). Parece que esta línea de código tiene como objetivo detener la cola de transmisión pero no logra detener la rutina que ya se está transmitiendo. Este parche reordena kfree después de unregister_netdev para evitar el posible UAF ya que unregister_netdev() está bien sincronizado y no regresará si hay una rutina en ejecución.
CVE Modified by kernel.org3/19/2024 10:15:07 AM
Action
Type
Old Value
New Value
Changed
Description
In the Linux kernel, the following vulnerability has been resolved:
hamradio: defer ax25 kfree after unregister_netdev
There is a possible race condition (use-after-free) like below
(USE) | (FREE)
ax25_sendmsg |
ax25_queue_xmit |
dev_queue_xmit |
__dev_queue_xmit |
__dev_xmit_skb |
sch_direct_xmit | ...
xmit_one |
netdev_start_xmit | tty_ldisc_kill
__netdev_start_xmit | mkiss_close
ax_xmit | kfree
ax_encaps |
|
Even though there are two synchronization primitives before the kfree:
1. wait_for_completion(&ax->dead). This can prevent the race with
routines from mkiss_ioctl. However, it cannot stop the routine coming
from upper layer, i.e., the ax25_sendmsg.
2. netif_stop_queue(ax->dev). It seems that this line of code aims to
halt the transmit queue but it fails to stop the routine that already
being xmit.
This patch reorder the kfree after the unregister_netdev to avoid the
possible UAF as the unregister_netdev() is well synchronized and won't
return if there is a running routine.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New CVE Received from kernel.org3/04/2024 1:15:07 PM
Action
Type
Old Value
New Value
Added
Description
In the Linux kernel, the following vulnerability has been resolved:
hamradio: defer ax25 kfree after unregister_netdev
There is a possible race condition (use-after-free) like below
(USE) | (FREE)
ax25_sendmsg |
ax25_queue_xmit |
dev_queue_xmit |
__dev_queue_xmit |
__dev_xmit_skb |
sch_direct_xmit | ...
xmit_one |
netdev_start_xmit | tty_ldisc_kill
__netdev_start_xmit | mkiss_close
ax_xmit | kfree
ax_encaps |
|
Even though there are two synchronization primitives before the kfree:
1. wait_for_completion(&ax->dead). This can prevent the race with
routines from mkiss_ioctl. However, it cannot stop the routine coming
from upper layer, i.e., the ax25_sendmsg.
2. netif_stop_queue(ax->dev). It seems that this line of code aims to
halt the transmit queue but it fails to stop the routine that already
being xmit.
This patch reorder the kfree after the unregister_netdev to avoid the
possible UAF as the unregister_netdev() is well synchronized and won't
return if there is a running routine.
Added
Reference
Linux https://git.kernel.org/stable/c/3e0588c291d6ce225f2b891753ca41d45ba42469 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/450121075a6a6f1d50f97225d3396315309d61a1 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/896193a02a2981e60c40d4614fd095ce92135ccd [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/8a1a314965a17c62084a056b4f2cb7a770854c90 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/b5b193d0c67180fefdc664650138e3b7959df615 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/cb6c99aedd2c843056a598a8907a6128cb07603b [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/eaa816a86e629cbcc0a94f38391fee09231628c7 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/ef5f7bfa19e3fc366f4c6d1a841ceaddf7a9f5d4 [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2021-47084 NVD
Published Date: 03/04/2024 NVD
Last Modified: 03/19/2024
Source: kernel.org
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
