CVE-2021-47082
Vulnerability from cvelistv5
Published
2024-03-04 18:06
Modified
2024-11-04 11:59
Severity ?
EPSS score ?
Summary
tun: avoid double free in tun_free_netdev
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:05:48.438280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:25.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8eb43d635950",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "0c0e566f0387",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "a01a4e9f5dc9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3cb5ae77799e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "158b515f703e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.240",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: avoid double free in tun_free_netdev\n\nAvoid double free in tun_free_netdev() by moving the\ndev-\u003etstats and tun-\u003esecurity allocs to a new ndo_init routine\n(tun_net_init()) that will be called by register_netdevice().\nndo_init is paired with the desctructor (tun_free_netdev()),\nso if there\u0027s an error in register_netdevice() the destructor\nwill handle the frees.\n\nBUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\n\nCPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1\nHardware name: Red Hat KVM, BIOS\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\nprint_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247\nkasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372\n____kasan_slab_free mm/kasan/common.c:346 [inline]\n__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374\nkasan_slab_free include/linux/kasan.h:235 [inline]\nslab_free_hook mm/slub.c:1723 [inline]\nslab_free_freelist_hook mm/slub.c:1749 [inline]\nslab_free mm/slub.c:3513 [inline]\nkfree+0xac/0x2d0 mm/slub.c:4561\nselinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\nsecurity_tun_dev_free_security+0x4f/0x90 security/security.c:2342\ntun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215\nnetdev_run_todo+0x4df/0x840 net/core/dev.c:10627\nrtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112\n__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302\ntun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:874 [inline]\n__se_sys_ioctl fs/ioctl.c:860 [inline]\n__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:59:05.294Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757"
},
{
"url": "https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681"
},
{
"url": "https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904"
},
{
"url": "https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5"
},
{
"url": "https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df"
}
],
"title": "tun: avoid double free in tun_free_netdev",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47082",
"datePublished": "2024-03-04T18:06:17.081Z",
"dateReserved": "2024-02-29T22:33:44.298Z",
"dateUpdated": "2024-11-04T11:59:05.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-47082\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-04T18:15:07.120\",\"lastModified\":\"2024-03-05T13:41:01.900\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntun: avoid double free in tun_free_netdev\\n\\nAvoid double free in tun_free_netdev() by moving the\\ndev-\u003etstats and tun-\u003esecurity allocs to a new ndo_init routine\\n(tun_net_init()) that will be called by register_netdevice().\\nndo_init is paired with the desctructor (tun_free_netdev()),\\nso if there\u0027s an error in register_netdevice() the destructor\\nwill handle the frees.\\n\\nBUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\\n\\nCPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1\\nHardware name: Red Hat KVM, BIOS\\nCall Trace:\\n\u003cTASK\u003e\\n__dump_stack lib/dump_stack.c:88 [inline]\\ndump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\\nprint_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247\\nkasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372\\n____kasan_slab_free mm/kasan/common.c:346 [inline]\\n__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374\\nkasan_slab_free include/linux/kasan.h:235 [inline]\\nslab_free_hook mm/slub.c:1723 [inline]\\nslab_free_freelist_hook mm/slub.c:1749 [inline]\\nslab_free mm/slub.c:3513 [inline]\\nkfree+0xac/0x2d0 mm/slub.c:4561\\nselinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\\nsecurity_tun_dev_free_security+0x4f/0x90 security/security.c:2342\\ntun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215\\nnetdev_run_todo+0x4df/0x840 net/core/dev.c:10627\\nrtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112\\n__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302\\ntun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311\\nvfs_ioctl fs/ioctl.c:51 [inline]\\n__do_sys_ioctl fs/ioctl.c:874 [inline]\\n__se_sys_ioctl fs/ioctl.c:860 [inline]\\n__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\\ndo_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\\nentry_SYSCALL_64_after_hwframe+0x44/0xae\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tun: evita la doble liberaci\u00f3n en tun_free_netdev Evita la doble liberaci\u00f3n en tun_free_netdev() moviendo las asignaciones dev-\u0026gt;tstats y tun-\u0026gt;security a una nueva rutina ndo_init (tun_net_init()) que ser\u00e1 llamado por Register_netdevice(). ndo_init est\u00e1 emparejado con el destructor (tun_free_netdev()), por lo que si hay un error en Register_netdevice() el destructor manejar\u00e1 las liberaciones. ERROR: KASAN: doble liberaci\u00f3n o no v\u00e1lido en selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605 CPU: 0 PID: 25750 Comm: syz-executor416 No contaminado 5.16.0-rc2-syzk #1 Nombre de hardware : Red Hat KVM, seguimiento de llamadas de BIOS: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106 print_address_description.constprop.9+0x28/0x160 mm/kasan/report. c:247 kasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372 ____kasan_slab_free mm/kasan/common.c:346 [en l\u00ednea] __kasan_slab_free+0x107/0x120 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan .h:235 [en l\u00ednea] slab_free_hook mm/slub.c:1723 [en l\u00ednea] slab_free_freelist_hook mm/slub.c:1749 [en l\u00ednea] slab_free mm/slub.c:3513 [en l\u00ednea] kfree+0xac/0x2d0 mm/slub.c :4561 selinux_tun_dev_free_security+0x1a/0x20 seguridad/selinux/hooks.c:5605 seguridad_tun_dev_free_security+0x4f/0x90 seguridad/seguridad.c:2342 tun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215 netdev_run_todo+0x4df/0x840 net/ n\u00facleo /dev.c:10627 rtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112 __tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302 tun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311 vfs_ioctl fs /ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:874 [en l\u00ednea] __se_sys_ioctl fs/ioctl.c:860 [en l\u00ednea] __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/ common.c:50 [en l\u00ednea] do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x44/0xae\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.