vulnerability

Debian: CVE-2021-47459: linux -- security update

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
05/22/2024
Added
07/30/2024
Modified
01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv

It will trigger UAF for rx_kref of j1939_priv as following.

cpu0 cpu1
j1939_sk_bind(socket0, ndev0, ...)
j1939_netdev_start
j1939_sk_bind(socket1, ndev0, ...)
j1939_netdev_start
j1939_priv_set
j1939_priv_get_by_ndev_locked
j1939_jsk_add
.....
j1939_netdev_stop
kref_put_lock(&priv->rx_kref, ...)
kref_get(&priv->rx_kref, ...)
REFCOUNT_WARN("addition on 0;...")

====================================================
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 20874 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0
RIP: 0010:refcount_warn_saturate+0x169/0x1e0
Call Trace:
j1939_netdev_start+0x68b/0x920
j1939_sk_bind+0x426/0xeb0
? security_socket_bind+0x83/0xb0

The rx_kref's kref_get() and kref_put() should use j1939_netdev_lock to
protect.

Solution

debian-upgrade-linux
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.