CVE-2021-47068 : In the Linux kernel, the following vulnerability has been resolved: net/nfc: fi

In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) ); addr.sa_family = AF_NFC; addr.nfc_protocol = NFC_PROTO_NFC_DEP; bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) close(sock1); close(sock2); Fix this by assigning NULL to llcp_sock->local after calling nfc_llcp_local_put. This addresses CVE-2021-23134.

Published 2024-02-29 23:15:08

Updated 2024-12-10 19:50:49

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-47068

Linux » Linux Kernel
Versions from including (>=) 5.4.112 and before (<) 5.4.119
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.10.30 and before (<) 5.10.37
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.4.267 and before (<) 4.4.269
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.14.231 and before (<) 4.14.233
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.19.187 and before (<) 4.19.191
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.9.267 and before (<) 4.9.269
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11.14 and before (<) 5.11.21
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.12 and before (<) 5.12.4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47068

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47068

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-12-11
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-47068

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47068

https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6

net/nfc: fix use-after-free llcp_sock_bind/connect - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47068

Products affected by CVE-2021-47068

Exploit prediction scoring system (EPSS) score for CVE-2021-47068

CVSS scores for CVE-2021-47068

CWE ids for CVE-2021-47068

References for CVE-2021-47068