CVE-2021-47276

ftrace: Do not blindly read the ip address in ftrace_bug()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Do not blindly read the ip address in ftrace_bug()

It was reported that a bug on arm64 caused a bad ip address to be used for
updating into a nop in ftrace_init(), but the error path (rightfully)
returned -EINVAL and not -EFAULT, as the bug caused more than one error to
occur. But because -EINVAL was returned, the ftrace_bug() tried to report
what was at the location of the ip address, and read it directly. This
caused the machine to panic, as the ip was not pointing to a valid memory
address.

Instead, read the ip address with copy_from_kernel_nofault() to safely
access the memory, and if it faults, report that the address faulted,
otherwise report what was in that location.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ftrace: no lea ciegamente la dirección IP en ftrace_bug(). Se informó que un error en arm64 provocó que se usara una dirección IP incorrecta para actualizar a un nop en ftrace_init() , pero la ruta de error (con razón) devolvió -EINVAL y no -EFAULT, ya que el error provocó que ocurriera más de un error. Pero debido a que se devolvió -EINVAL, ftrace_bug() intentó informar qué había en la ubicación de la dirección IP y leerlo directamente. Esto provocó que la máquina entrara en pánico, ya que la IP no apuntaba a una dirección de memoria válida. En su lugar, lea la dirección IP con copy_from_kernel_nofault() para acceder de forma segura a la memoria y, si falla, informe que la dirección falló; de lo contrario, informe qué había en esa ubicación.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/05736a427f7e16be948ccbf39782bd3a6ae16b14	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28	2021-06-16
https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b	2021-06-16
https://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7	2021-06-16
https://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb	2021-06-16
https://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2	2021-06-16
https://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81	2021-06-16
https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875	2021-06-16
https://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051	2021-06-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 4.4.273 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 4.4.273"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 4.9.273 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 4.9.273"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 4.14.237 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 4.14.237"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 4.19.195 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 4.19.195"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 5.4.126 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.4.126"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 5.10.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.10.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 5.12.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.12.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.28 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.13"		en		Affected