CVE-2021-47068: net/nfc: fix use-after-free llcp_sock_bind/connect
First published: Thu Feb 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) ); addr.sa_family = AF_NFC; addr.nfc_protocol = NFC_PROTO_NFC_DEP; bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) close(sock1); close(sock2); Fix this by assigning NULL to llcp_sock->local after calling nfc_llcp_local_put. This addresses CVE-2021-23134.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.4.267<4.4.269 | |
| Linux Kernel | >=4.9.267<4.9.269 | |
| Linux Kernel | >=4.14.231<4.14.233 | |
| Linux Kernel | >=4.19.187<4.19.191 | |
| Linux Kernel | >=5.4.112<5.4.119 | |
| Linux Kernel | >=5.10.30<5.10.37 | |
| Linux Kernel | >=5.11.14<5.11.21 | |
| Linux Kernel | >=5.12<5.12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6
- https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570
- https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c
- https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
- https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c
- https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e
- https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91
- https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299
- https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
Frequently Asked Questions
What is the severity of CVE-2021-47068?
CVE-2021-47068 is considered a moderate severity vulnerability due to its impact on memory management in the Linux kernel.
How do I fix CVE-2021-47068?
To fix CVE-2021-47068, update your Linux kernel to a version that includes the patches identified in the commits mentioned in the CVE description.
What versions of the Linux kernel are affected by CVE-2021-47068?
CVE-2021-47068 affects various versions of the Linux kernel between 4.4.267 to 4.4.269, 4.9.267 to 4.9.269, 4.14.231 to 4.14.233, 4.19.187 to 4.19.191, 5.4.112 to 5.4.119, 5.10.30 to 5.10.37, 5.11.14 to 5.11.21, and up to 5.12.4.
What types of issues does CVE-2021-47068 address in the Linux kernel?
CVE-2021-47068 addresses a use-after-free vulnerability that could lead to potential exploitation through improper memory management.
Are there any specific patches related to CVE-2021-47068?
Yes, CVE-2021-47068 has specific patches related to refcount leak issues in llcp_sock_bind and llcp_sock_connect functions.
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/remedy
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.4.267
- version/linux kernel/4.9.267
- version/linux kernel/4.14.231
- version/linux kernel/4.19.187
- version/linux kernel/5.4.112
- version/linux kernel/5.10.30
- version/linux kernel/5.11.14
- version/linux kernel/5.12