Описание
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
A flaw use-after-free in the Linux kernel CIPSO network packet labeling protocol functionality was found in the way user open local network connection with the usage of the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
Отчет
Considered to be Moderate rate, because by default CIPSO non-enabled and both no known way to reproduce the attack remotely and both it looks complex if even possible to use the attack in any way apart from crashing the system. For the usage of the inbound CIPSO connections, the administrator have to enable it with netlabelctl utility first. The vulnerability is considered to be for local user, because it can happen only when a local user opens a socket for sending packets, but not during receiving packets.
Меры по смягчению последствий
The mitigation would be not allowing CIPSO labeling for the inbound network connections. For the most of the default configurations both for network routers and for the Linux servers itself it is disabled by default.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2021:2726 | 21.07.2021 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2021:2725 | 21.07.2021 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2021:4140 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2021:4356 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
EPSS
7.8 High
CVSS3