CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
13.0%
In the Linux kernel, the following vulnerability has been resolved: net:
batman-adv: fix error handling Syzbot reported ODEBUG warning in
batadv_nc_mesh_free(). The problem was in wrong error handling in
batadv_mesh_init(). Before this patch batadv_mesh_init() was calling
batadv_mesh_free() in case of any batadv_init() calls failure. This
approach may work well, when there is some kind of indicator, which can
tell which parts of batadv are initialized; but there isn’t any. All
written above lead to cleaning up uninitialized fields. Even if we hide
ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit
GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1] To
fix these bugs we can unwind batadvinit() calls one by one. It is good
approach for 2 reasons: 1) It fixes bugs on error handling path 2) It
improves the performance, since we won’t call unneeded batadvfree()
functions. So, this patch makes all batadvinit() clean up all allocated
memory before returning with an error to no call correspoing
batadv*_free() and open-codes batadv_mesh_free() with proper order to
avoid touching uninitialized fields.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < any | UNKNOWN |
git.kernel.org/linus/6f68cd634856f8ca93bafd623ba5357e0f648c68 (5.15)
git.kernel.org/stable/c/07533f1a673ce1126d0a72ef1e4b5eaaa3dd6d20
git.kernel.org/stable/c/0c6b199f09be489c48622537a550787fc80aea73
git.kernel.org/stable/c/6422e8471890273994fe8cc6d452b0dcd2c9483e
git.kernel.org/stable/c/6f68cd634856f8ca93bafd623ba5357e0f648c68
git.kernel.org/stable/c/a8f7359259dd5923adc6129284fdad12fc5db347
git.kernel.org/stable/c/b0a2cd38553c77928ef1646ed1518486b1e70ae8
git.kernel.org/stable/c/e50f957652190b5a88a8ebce7e5ab14ebd0d3f00
git.kernel.org/stable/c/fbf150b16a3635634b7dfb7f229d8fcd643c6c51
launchpad.net/bugs/cve/CVE-2021-47482
nvd.nist.gov/vuln/detail/CVE-2021-47482
security-tracker.debian.org/tracker/CVE-2021-47482
www.cve.org/CVERecord?id=CVE-2021-47482