CVE-2021-4439

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-4439
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num); During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. if the controller was not attached yet, detach_capi_ctr() would trigger an array-index-out-bounds bug. [ 46.866069][ T6479] UBSAN: array-index-out-of-bounds in drivers/isdn/capi/kcapi.c:483:21 [ 46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]' [ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted 5.15.0-rc2+ #8 [ 46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 [ 46.870107][ T6479] Call Trace: [ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d [ 46.870974][ T6479] ubsan_epilogue+0x5/0x40 [ 46.871458][ T6479] __ubsan_handle_out_of_bounds.cold+0x43/0x48 [ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0 [ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0 [ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60 [ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120 [ 46.874256][ T6479] kthread+0x147/0x170 [ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40 [ 46.875248][ T6479] ret_from_fork+0x1f/0x30 [ 46.875773][ T6479]

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d Patch
https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a Patch
https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 Patch
https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a Patch
https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594 Patch
https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75 Patch
https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff Patch
https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
History

18 Sep 2024, 16:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CWE CWE-129
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: isdn: cpai: verifique ctr->cnr para evitar que el índice de matriz esté fuera de límite. cmtp_add_connection() agregaría una sesión cmtp a un controlador y ejecutaría un subproceso del kernel para procesar cmtp. __module_get(ESTE_MÓDULO); sesión->tarea = kthread_run(cmtp_session, sesión, "kcmtpd_ctr_%d", sesión->num); Durante este proceso, el hilo del núcleo llamaría a detach_capi_ctr() para desconectar un controlador de registro. Si el controlador aún no estaba conectado, detach_capi_ctr() desencadenaría un error de los límites de índice de matriz. [ 46.866069][ T6479] UBSAN: índice de matriz fuera de los límites en drivers/isdn/capi/kcapi.c:483:21 [ 46.867196][ T6479] el índice -1 está fuera de rango para el tipo 'capi_ctr *[ 32]' [ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 No contaminado 5.15.0-rc2+ #8 [ 46.869002][ T6479] Nombre de hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14. 0-2 01/04/2014 [ 46.870107][ T6479] Seguimiento de llamadas: [ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d [ 46.870974][ T6479] ubsan_epilogue+0x5/0x40 [ 46.871458][ T6479 ] __ubsan_handle_out_of_bounds.cold+0x43 /0x48 [ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0 [ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0 [ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60 [ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120 [ 46.874256][ T6479] kthread+0x147/0x170 [ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40 [ 46.875248][ T6479] ret_from_fork+0x1f/0x30 [ 46.875773][ T6479]
References () https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d - () https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d - Patch
References () https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a - () https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a - Patch
References () https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 - () https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 - Patch
References () https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a - () https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a - Patch
References () https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594 - () https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594 - Patch
References () https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75 - () https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75 - Patch
References () https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff - () https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff - Patch
References () https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036 - () https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036 - Patch

20 Jun 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-20 12:15

Updated : 2024-09-18 16:34

NVD link : CVE-2021-4439

Mitre link : CVE-2021-4439

CVE.ORG link : CVE-2021-4439

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024