nvd-json-data-feeds/CVE-2021/CVE-2021-475xx/CVE-2021-47517.json

{
  "id": "CVE-2021-47517",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-24T15:15:13.347",
  "lastModified": "2024-05-24T18:09:20.027",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: do not perform operations on net devices being unregistered\n\nThere is a short period between a net device starts to be unregistered\nand when it is actually gone. In that time frame ethtool operations\ncould still be performed, which might end up in unwanted or undefined\nbehaviours[1].\n\nDo not allow ethtool operations after a net device starts its\nunregistration. This patch targets the netlink part as the ioctl one\nisn't affected: the reference to the net device is taken and the\noperation is executed within an rtnl lock section and the net device\nwon't be found after unregister.\n\n[1] For example adding Tx queues after unregister ends up in NULL\n    pointer exceptions and UaFs, such as:\n\n      BUG: KASAN: use-after-free in kobject_get+0x14/0x90\n      Read of size 1 at addr ffff88801961248c by task ethtool/755\n\n      CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778\n      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014\n      Call Trace:\n       dump_stack_lvl+0x57/0x72\n       print_address_description.constprop.0+0x1f/0x140\n       kasan_report.cold+0x7f/0x11b\n       kobject_get+0x14/0x90\n       kobject_add_internal+0x3d1/0x450\n       kobject_init_and_add+0xba/0xf0\n       netdev_queue_update_kobjects+0xcf/0x200\n       netif_set_real_num_tx_queues+0xb4/0x310\n       veth_set_channels+0x1c3/0x550\n       ethnl_set_channels+0x524/0x610"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethtool: no realiza operaciones en dispositivos de red que se est\u00e1n dando de baja. Hay un breve per\u00edodo entre que un dispositivo de red comienza a darse de baja y cuando realmente desaparece. En ese per\u00edodo a\u00fan se podr\u00edan realizar operaciones de ethtool, lo que podr\u00eda terminar en comportamientos no deseados o indefinidos[1]. No permita operaciones de ethtool despu\u00e9s de que un dispositivo de red inicie su cancelaci\u00f3n del registro. Este parche apunta a la parte netlink ya que la parte ioctl no se ve afectada: se toma la referencia al dispositivo de red y la operaci\u00f3n se ejecuta dentro de una secci\u00f3n de bloqueo rtnl y el dispositivo de red no se encontrar\u00e1 despu\u00e9s de cancelar el registro. [1] Por ejemplo, agregar colas de Tx despu\u00e9s de cancelar el registro termina en excepciones de puntero NULL y UaF, como: ERROR: KASAN: use-after-free en kobject_get+0x14/0x90 Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff88801961248c mediante la tarea ethtool/755 CPU : 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014 Seguimiento de llamadas: dump_stack_lvl+0x57/0x72 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x7f/0x11b kobject_get+0x14/0x90 kobject_add_internal+0x3d1/0x450 kobject_init_and_add+0xba/0xf0 netdev_queue_update_kobjects+0xcf/0x200 netif_set_real_num_tx_queues+0xb4/0x310 veth_set_channels+0x1c3/0x550 ethnl_set_channels+0x524/ 0x610"
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/7c26da3be1e9843a15b5318f90db8a564479d2ac",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/cfd719f04267108f5f5bf802b9d7de69e99a99f9",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/dde91ccfa25fd58f64c397d91b81a4b393100ffa",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}