You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default.
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
Title: kernel de Linux
Description: En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: hamradio: mejora la solución incompleta para evitar NPD. El commit anterior 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") reordena las operaciones kfree y unregister_netdev para prevenir UAF. Esta confirmación mejora la anterior al diferir también la anulación del puntero ax->tty. De lo contrario, se produce un error de desreferencia del puntero NULL. A continuación se muestra parte del seguimiento de la pila. ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000538 RIP: 0010:ax_xmit+0x1f9/0x400... Seguimiento de llamadas: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_x mit+0x2c7/0xaf0 ax25_std_establecer_data_link+0x59/0x60 ax25_connect+0x3a0/0x500? seguridad_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0? common_nsleep+0x2e/0x50? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 Entry_SYSCALL_64_after_hwframe+0x44/0xa9 El punto de bloqueo se muestra a continuación static void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax-> tty->banderas ); // hacha->tty = NULL! ... } Al colocar la acción de anulación después de unregister_netdev, el puntero ax->tty no se asignará ya que la capa de marco NULL net_device está bien sincronizada.
CVE Modified by kernel.org3/19/2024 10:15:07 AM
Action
Type
Old Value
New Value
Changed
Description
In the Linux kernel, the following vulnerability has been resolved:
hamradio: improve the incomplete fix to avoid NPD
The previous commit 3e0588c291d6 ("hamradio: defer ax25 kfree after
unregister_netdev") reorder the kfree operations and unregister_netdev
operation to prevent UAF.
This commit improves the previous one by also deferring the nullify of
the ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.
Partial of the stack trace is shown below.
BUG: kernel NULL pointer dereference, address: 0000000000000538
RIP: 0010:ax_xmit+0x1f9/0x400
...
Call Trace:
dev_hard_start_xmit+0xec/0x320
sch_direct_xmit+0xea/0x240
__qdisc_run+0x166/0x5c0
__dev_queue_xmit+0x2c7/0xaf0
ax25_std_establish_data_link+0x59/0x60
ax25_connect+0x3a0/0x500
? security_socket_connect+0x2b/0x40
__sys_connect+0x96/0xc0
? __hrtimer_init+0xc0/0xc0
? common_nsleep+0x2e/0x50
? switch_fpu_return+0x139/0x1a0
__x64_sys_connect+0x11/0x20
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The crash point is shown as below
static void ax_encaps(...) {
...
set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL!
...
}
By placing the nullify action after the unregister_netdev, the ax->tty
pointer won't be assigned as NULL net_device framework layer is well
synchronized.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New CVE Received from kernel.org3/04/2024 1:15:07 PM
Action
Type
Old Value
New Value
Added
Description
In the Linux kernel, the following vulnerability has been resolved:
hamradio: improve the incomplete fix to avoid NPD
The previous commit 3e0588c291d6 ("hamradio: defer ax25 kfree after
unregister_netdev") reorder the kfree operations and unregister_netdev
operation to prevent UAF.
This commit improves the previous one by also deferring the nullify of
the ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.
Partial of the stack trace is shown below.
BUG: kernel NULL pointer dereference, address: 0000000000000538
RIP: 0010:ax_xmit+0x1f9/0x400
...
Call Trace:
dev_hard_start_xmit+0xec/0x320
sch_direct_xmit+0xea/0x240
__qdisc_run+0x166/0x5c0
__dev_queue_xmit+0x2c7/0xaf0
ax25_std_establish_data_link+0x59/0x60
ax25_connect+0x3a0/0x500
? security_socket_connect+0x2b/0x40
__sys_connect+0x96/0xc0
? __hrtimer_init+0xc0/0xc0
? common_nsleep+0x2e/0x50
? switch_fpu_return+0x139/0x1a0
__x64_sys_connect+0x11/0x20
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The crash point is shown as below
static void ax_encaps(...) {
...
set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL!
...
}
By placing the nullify action after the unregister_netdev, the ax->tty
pointer won't be assigned as NULL net_device framework layer is well
synchronized.
Added
Reference
Linux https://git.kernel.org/stable/c/03d00f7f1815ec00dab5035851b3de83afd054a8 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/371a874ea06f147d6ca30be43dad33683965eba6 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/7dd52af1eb5798f590d9d9e1c56ed8f5744ee0ca [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/83ba6ec97c74fb1a60f7779a26b6a94b28741d8a [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/a5c6a13e9056d87805ba3042c208fbd4164ad22b [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/a7b0ae2cc486fcb601f9f9d87d98138cc7b7f7f9 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/b2f37aead1b82a770c48b5d583f35ec22aabb61e [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/b68f41c6320b2b7fbb54a95f07a69f3dc7e56c59 [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2021-47085 NVD
Published Date: 03/04/2024 NVD
Last Modified: 03/19/2024
Source: kernel.org
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
