CVE-2021-47223
net: bridge: fix vlan tunnel dst null pointer dereference
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix vlan tunnel dst null pointer dereference
This patch fixes a tunnel_dst null pointer dereference due to lockless
access in the tunnel egress path. When deleting a vlan tunnel the
tunnel_dst pointer is set to NULL without waiting a grace period (i.e.
while it's still usable) and packets egressing are dereferencing it
without checking. Use READ/WRITE_ONCE to annotate the lockless use of
tunnel_id, use RCU for accessing tunnel_dst and make sure it is read
only once and checked in the egress path. The dst is already properly RCU
protected so we don't need to do anything fancy than to make sure
tunnel_id and tunnel_dst are read only once and checked in the egress path.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bridge: corrige la desreferencia del puntero null del túnel vlan dst Este parche corrige una desreferencia del puntero null de Tunnel_dst debido al acceso sin bloqueo en la ruta de salida del túnel. Al eliminar un túnel VLAN, el puntero Tunnel_dst se establece en NULL sin esperar un período de gracia (es decir, mientras aún se puede utilizar) y los paquetes que salen lo desreferencian sin verificarlo. Use READ/WRITE_ONCE para anotar el uso sin bloqueo de Tunnel_id, use RCU para acceder a Tunnel_dst y asegúrese de que se lea solo una vez y se verifique en la ruta de salida. El dst ya está correctamente protegido por la RCU, por lo que no necesitamos hacer nada sofisticado más que asegurarnos de que Tunnel_id y Tunnel_dst se lean solo una vez y se verifiquen en la ruta de salida.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-10 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/11538d039ac6efcf4f1a6c536e1b87cd3668a9fd | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 4.14.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.14.238" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 4.19.196 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.19.196" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 5.4.128 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.4.128" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 5.10.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.10.46" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 5.12.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.12.13" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.13" | en |
Affected
| ||||||