CVE-2021-47132
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix sk_forward_memory corruption on retransmission
MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spin_lock, instead of the plain socket lock.
Currently we have a code path updating such field without handling the relevant lock:
__mptcp_retrans() -> __mptcp_clean_una_wakeup()
Several helpers in __mptcp_clean_una_wakeup() will update sk_forward_alloc, possibly causing such field corruption, as reported by Matthieu.
Address the issue providing and using a new variant of blamed function which explicitly acquires the msk spin lock.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 64b9cea7a0afe579dd2682f1f1c04f2e4e72fd25 < b9c78b1a95966a7bd2ddae05b73eafc0cda4fba3 | affected |
| Linux | Linux | 64b9cea7a0afe579dd2682f1f1c04f2e4e72fd25 < b5941f066b4ca331db225a976dae1d6ca8cf0ae3 | affected |
| Linux | Linux | 96db8ffef07516a6d7414b6988f2a4298a839977 | affected |
| Linux | Linux | 5.11.4 < 5.12 | affected |
| Linux | Linux | 5.12 | affected |
| Linux | Linux | 0 < 5.12 | unaffected |
| Linux | Linux | 5.12.10 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/b9c78b1a95966a7bd2ddae05b73eafc0cda4fba3
- https://git.kernel.org/stable/c/b5941f066b4ca331db225a976dae1d6ca8cf0ae3
References
- https://git.kernel.org/stable/c/b9c78b1a95966a7bd2ddae05b73eafc0cda4fba3
- https://git.kernel.org/stable/c/b5941f066b4ca331db225a976dae1d6ca8cf0ae3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.