cvelistv5 - cve-2021-47555

cve-2021-47555

Vulnerability from cvelistv5

Published

2024-05-24 15:09

Modified

2024-11-04 20:18

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Summary

net: vlan: fix underflow for the real_dev refcnt

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f7fc72a508cf115c273a7a29350069def1041890

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T16:50:13.639283Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T20:18:51.592Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f7fc72a508cf115c273a7a29350069def1041890"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/8021q/vlan.c",
            "net/8021q/vlan_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5e44178864b3",
              "status": "affected",
              "version": "700602b662d7",
              "versionType": "git"
            },
            {
              "lessThan": "6e800ee43218",
              "status": "affected",
              "version": "e04a7a84bb77",
              "versionType": "git"
            },
            {
              "lessThan": "f7fc72a508cf",
              "status": "affected",
              "version": "21032425c36f",
              "versionType": "git"
            },
            {
              "lessThan": "01d9cc2dea3f",
              "status": "affected",
              "version": "563bcbae3ba2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/8021q/vlan.c",
            "net/8021q/vlan_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.4.163",
              "status": "affected",
              "version": "5.4.160",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.83",
              "status": "affected",
              "version": "5.10.80",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.6",
              "status": "affected",
              "version": "5.15.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix underflow for the real_dev refcnt\n\nInject error before dev_hold(real_dev) in register_vlan_dev(),\nand execute the following testcase:\n\nip link add dev dummy1 type dummy\nip link add name dummy1.100 link dummy1 type vlan id 100\nip link del dev dummy1\n\nWhen the dummy netdevice is removed, we will get a WARNING as following:\n\n=======================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 2 PID: 0 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0\n\nand an endless loop of:\n\n=======================================================================\nunregister_netdevice: waiting for dummy1 to become free. Usage count = -1073741824\n\nThat is because dev_put(real_dev) in vlan_dev_free() be called without\ndev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of real_dev\nunderflow.\n\nMove the dev_hold(real_dev) to vlan_dev_init() which is the call-back of\nndo_init(). That makes dev_hold() and dev_put() for vlan\u0027s real_dev\nsymmetrical."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:43:32.799Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7fc72a508cf115c273a7a29350069def1041890"
        },
        {
          "url": "https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00"
        }
      ],
      "title": "net: vlan: fix underflow for the real_dev refcnt",
      "x_generator": {
        "engine": "bippy-c8e10e5f6187"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47555",
    "datePublished": "2024-05-24T15:09:57.302Z",
    "dateReserved": "2024-05-24T15:02:54.833Z",
    "dateUpdated": "2024-11-04T20:18:51.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47555\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-24T15:15:20.237\",\"lastModified\":\"2024-11-04T21:35:02.123\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: vlan: fix underflow for the real_dev refcnt\\n\\nInject error before dev_hold(real_dev) in register_vlan_dev(),\\nand execute the following testcase:\\n\\nip link add dev dummy1 type dummy\\nip link add name dummy1.100 link dummy1 type vlan id 100\\nip link del dev dummy1\\n\\nWhen the dummy netdevice is removed, we will get a WARNING as following:\\n\\n=======================================================================\\nrefcount_t: decrement hit 0; leaking memory.\\nWARNING: CPU: 2 PID: 0 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0\\n\\nand an endless loop of:\\n\\n=======================================================================\\nunregister_netdevice: waiting for dummy1 to become free. Usage count = -1073741824\\n\\nThat is because dev_put(real_dev) in vlan_dev_free() be called without\\ndev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of real_dev\\nunderflow.\\n\\nMove the dev_hold(real_dev) to vlan_dev_init() which is the call-back of\\nndo_init(). That makes dev_hold() and dev_put() for vlan\u0027s real_dev\\nsymmetrical.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: vlan: corrige el desbordamiento insuficiente para real_dev refcnt Inyecte el error antes de dev_hold(real_dev) en Register_vlan_dev() y ejecute el siguiente caso de prueba: ip link add dev dummy1 tipo dummy ip link add nombre dummy1.100 link dummy1 tipo vlan id 100 ip link del dev dummy1 Cuando se elimina el dispositivo de red ficticio, recibiremos una ADVERTENCIA como la siguiente: ===================== ==================================================== = refcount_t: decremento hit 0; p\u00e9rdida de memoria. ADVERTENCIA: CPU: 2 PID: 0 en lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 y un bucle sin fin de: ======================== ================================================= unregister_netdevice: esperando que el dummy1 quede libre. Recuento de uso = -1073741824 Esto se debe a que dev_put(real_dev) en vlan_dev_free() se llama sin dev_hold(real_dev) en Register_vlan_dev(). Hace que el refcnt de real_dev se desborde. Mueva dev_hold(real_dev) a vlan_dev_init() que es la devoluci\u00f3n de llamada de ndo_init(). Eso hace que dev_hold() y dev_put() para real_dev de vlan sean sim\u00e9tricos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/01d9cc2dea3fde3bad6d27f464eff463496e2b00\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5e44178864b38dd70b877985abd7d86fdb95f27d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6e800ee43218a56acc93676bbb3d93b74779e555\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f7fc72a508cf115c273a7a29350069def1041890\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

wid-sec-w-2024-1235

Vulnerability from csaf_certbund

Published

2024-05-26 22:00

Modified

2024-07-23 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder unspezifische Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux