4.7

CVE-2021-47248

udp: fix race between close() and udp_abort()

In the Linux kernel, the following vulnerability has been resolved:

udp: fix race between close() and udp_abort()

Kaustubh reported and diagnosed a panic in udp_lib_lookup().
The root cause is udp_abort() racing with close(). Both
racing functions acquire the socket lock, but udp{v6}_destroy_sock()
release it before performing destructive actions.

We can't easily extend the socket lock scope to avoid the race,
instead use the SOCK_DEAD flag to prevent udp_abort from doing
any action when the critical race happens.

Diagnosed-and-tested-by: Kaustubh Pandey <kapandey@codeaurora.org>
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.9 < 4.9.274
LinuxLinux Kernel Version >= 4.10 < 4.14.238
LinuxLinux Kernel Version >= 4.15 < 4.19.196
LinuxLinux Kernel Version >= 4.20 < 5.4.128
LinuxLinux Kernel Version >= 5.5 < 5.10.46
LinuxLinux Kernel Version >= 5.11 < 5.12.13
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
LinuxLinux Kernel Version5.13 Updaterc4
LinuxLinux Kernel Version5.13 Updaterc5
LinuxLinux Kernel Version5.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.076
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/2f73448041bd0682d4b552cfd314ace66107f1ad
Patch
https://git.kernel.org/stable/c/5a88477c1c85e4baa51e91f2d40f2166235daa56
Patch
https://git.kernel.org/stable/c/65310b0aff86980a011c7c7bfa487a333d4ca241
Patch
https://git.kernel.org/stable/c/8729ec8a2238152a4afc212a331a6cd2c61aeeac
Patch
https://git.kernel.org/stable/c/a0882f68f54f7a8b6308261acee9bd4faab5a69e
Patch
https://git.kernel.org/stable/c/a8b897c7bcd47f4147d066e22cc01d1026d7640e
Patch
https://git.kernel.org/stable/c/e3c36c773aed0fef8b1d3d555b43393ec564400f
Patch