Vulnerability/
CVE-2021-47068

7.8

CWE

416

29/2/2024

19/12/2024

CVE-2021-47068: net/nfc: fix use-after-free llcp_sock_bind/connect

First published: Thu Feb 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) ); addr.sa_family = AF_NFC; addr.nfc_protocol = NFC_PROTO_NFC_DEP; bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) close(sock1); close(sock2); Fix this by assigning NULL to llcp_sock->local after calling nfc_llcp_local_put. This addresses CVE-2021-23134.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Linux kernel	>=4.4.267<4.4.269
Linux Linux kernel	>=4.9.267<4.9.269
Linux Linux kernel	>=4.14.231<4.14.233
Linux Linux kernel	>=4.19.187<4.19.191
Linux Linux kernel	>=5.4.112<5.4.119
Linux Linux kernel	>=5.10.30<5.10.37
Linux Linux kernel	>=5.11.14<5.11.21
Linux Linux kernel	>=5.12<5.12.4

Remedy

https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299

Remedy

https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c

Remedy

https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6

Remedy

https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91

Remedy

https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610

Remedy

https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e

Remedy

https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6

Remedy

https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570

Remedy

https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

agent/weakness
agent/title
agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/remedy
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/tags
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/4.4.267
version/linux linux kernel/4.9.267
version/linux linux kernel/4.14.231
version/linux linux kernel/4.19.187
version/linux linux kernel/5.4.112
version/linux linux kernel/5.10.30
version/linux linux kernel/5.11.14
version/linux linux kernel/5.12

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203