cve-2021-47125
Vulnerability from cvelistv5
Published: 2024-03-15 20:14
Modified: 2024-11-04 11:59
Summary
sch_htb: fix refcount leak in htb_parent_to_leaf_offload
Impacted products
Linux Linux
Linux Linux


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T15:30:07.969096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:48.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2411c02d03892a5057499f8102d0cc1e0f852416"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/944d671d5faa0d78980a3da5c0f04960ef1ad893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_htb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2411c02d0389",
              "status": "affected",
              "version": "ae81feb7338c",
              "versionType": "git"
            },
            {
              "lessThan": "944d671d5faa",
              "status": "affected",
              "version": "ae81feb7338c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_htb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_htb: fix refcount leak in htb_parent_to_leaf_offload\n\nThe commit ae81feb7338c (\"sch_htb: fix null pointer dereference\non a null new_q\") fixes a NULL pointer dereference bug, but it\nis not correct.\n\nBecause htb_graft_helper properly handles the case when new_q\nis NULL, and after the previous patch by skipping this call\nwhich creates an inconsistency : dev_queue-\u003eqdisc will still\npoint to the old qdisc, but cl-\u003eparent-\u003eleaf.q will point to\nthe new one (which will be noop_qdisc, because new_q was NULL).\nThe code is based on an assumption that these two pointers are\nthe same, so it can lead to refcount leaks.\n\nThe correct fix is to add a NULL pointer check to protect\nqdisc_refcount_inc inside htb_parent_to_leaf_offload."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:59:54.271Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2411c02d03892a5057499f8102d0cc1e0f852416"
        },
        {
          "url": "https://git.kernel.org/stable/c/944d671d5faa0d78980a3da5c0f04960ef1ad893"
        }
      ],
      "title": "sch_htb: fix refcount leak in htb_parent_to_leaf_offload",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47125",
    "datePublished": "2024-03-15T20:14:30.285Z",
    "dateReserved": "2024-03-04T18:12:48.839Z",
    "dateUpdated": "2024-11-04T11:59:54.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47125\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-15T21:15:07.307\",\"lastModified\":\"2024-03-17T22:38:29.433\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsch_htb: fix refcount leak in htb_parent_to_leaf_offload\\n\\nThe commit ae81feb7338c (\\\"sch_htb: fix null pointer dereference\\non a null new_q\\\") fixes a NULL pointer dereference bug, but it\\nis not correct.\\n\\nBecause htb_graft_helper properly handles the case when new_q\\nis NULL, and after the previous patch by skipping this call\\nwhich creates an inconsistency : dev_queue-\u003eqdisc will still\\npoint to the old qdisc, but cl-\u003eparent-\u003eleaf.q will point to\\nthe new one (which will be noop_qdisc, because new_q was NULL).\\nThe code is based on an assumption that these two pointers are\\nthe same, so it can lead to refcount leaks.\\n\\nThe correct fix is to add a NULL pointer check to protect\\nqdisc_refcount_inc inside htb_parent_to_leaf_offload.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sch_htb: corrige la fuga de recuento en htb_parent_to_leaf_offload el commit ae81feb7338c (\\\"sch_htb: corrige la desreferencia del puntero nulo en un new_q nulo\\\") corrige un error de desreferencia del puntero NULL, pero no es correcto. Debido a que htb_graft_helper maneja adecuadamente el caso cuando new_q es NULL, y despu\u00e9s del parche anterior al omitir esta llamada, se crea una inconsistencia: dev_queue-\u0026gt;qdisc seguir\u00e1 apuntando a la qdisc anterior, pero cl-\u0026gt;parent-\u0026gt;leaf.q apuntar\u00e1 a el nuevo (que ser\u00e1 noop_qdisc, porque new_q era NULL). El c\u00f3digo se basa en la suposici\u00f3n de que estos dos indicadores son iguales, por lo que puede provocar fugas de recuento. 
La soluci\u00f3n correcta es agregar una verificaci\u00f3n de puntero NULL para proteger qdisc_refcount_inc dentro de htb_parent_to_leaf_offload.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2411c02d03892a5057499f8102d0cc1e0f852416\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/944d671d5faa0d78980a3da5c0f04960ef1ad893\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

