cve-2021-47593
Vulnerability from cvelistv5
Published
2024-06-19 14:53
Modified
2024-11-04 12:08
Severity ?
Summary
mptcp: clear 'kern' flag from fallback sockets
Impacted products
Vendor Product Version
Linux Linux Version: 5.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:47:39.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:12:30.519015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:52.236Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "451f1eded7f5",
              "status": "affected",
              "version": "cf7da0d66cc1",
              "versionType": "git"
            },
            {
              "lessThan": "c26ac0ea3a91",
              "status": "affected",
              "version": "cf7da0d66cc1",
              "versionType": "git"
            },
            {
              "lessThan": "d6692b3b97bd",
              "status": "affected",
              "version": "cf7da0d66cc1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: clear \u0027kern\u0027 flag from fallback sockets\n\nThe mptcp ULP extension relies on sk-\u003esk_sock_kern being set correctly:\nIt prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, \"mptcp\", 6); from\nworking for plain tcp sockets (any userspace-exposed socket).\n\nBut in case of fallback, accept() can return a plain tcp sk.\nIn such case, sk is still tagged as \u0027kernel\u0027 and setsockopt will work.\n\nThis will crash the kernel, The subflow extension has a NULL ctx-\u003econn\nmptcp socket:\n\nBUG: KASAN: null-ptr-deref in subflow_data_ready+0x181/0x2b0\nCall Trace:\n tcp_data_ready+0xf8/0x370\n [..]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:08:48.339Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97"
        },
        {
          "url": "https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717"
        }
      ],
      "title": "mptcp: clear \u0027kern\u0027 flag from fallback sockets",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47593",
    "datePublished": "2024-06-19T14:53:56.251Z",
    "dateReserved": "2024-05-24T15:11:00.733Z",
    "dateUpdated": "2024-11-04T12:08:48.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47593\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-19T15:15:53.890\",\"lastModified\":\"2024-11-21T06:36:37.517\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmptcp: clear \u0027kern\u0027 flag from fallback sockets\\n\\nThe mptcp ULP extension relies on sk-\u003esk_sock_kern being set correctly:\\nIt prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, \\\"mptcp\\\", 6); from\\nworking for plain tcp sockets (any userspace-exposed socket).\\n\\nBut in case of fallback, accept() can return a plain tcp sk.\\nIn such case, sk is still tagged as \u0027kernel\u0027 and setsockopt will work.\\n\\nThis will crash the kernel, The subflow extension has a NULL ctx-\u003econn\\nmptcp socket:\\n\\nBUG: KASAN: null-ptr-deref in subflow_data_ready+0x181/0x2b0\\nCall Trace:\\n tcp_data_ready+0xf8/0x370\\n [..]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: borrar el indicador \u0027kern\u0027 de los sockets de reserva La extensi\u00f3n mptcp ULP depende de que sk-\u0026gt;sk_sock_kern est\u00e9 configurado correctamente: impide que setsockopt(fd, IPPROTO_TCP, TCP_ULP, \\\"mptcp\\\", 6); de funcionar para sockets tcp simples (cualquier socket expuesto al espacio de usuario). Pero en caso de respaldo, aceptar() puede devolver un sk tcp simple. En tal caso, sk todav\u00eda est\u00e1 etiquetado como \u0027kernel\u0027 y setsockopt funcionar\u00e1. Esto bloquear\u00e1 el kernel. La extensi\u00f3n de subflujo tiene un socket NULL ctx-\u0026gt;conn mptcp: ERROR: KASAN: null-ptr-deref en subflow_data_ready+0x181/0x2b0 Seguimiento de llamadas: tcp_data_ready+0xf8/0x370 [..]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6\",\"versionEndExcluding\":\"5.10.88\",\"matchCriteriaId\":\"38A89EC4-168A-4514-A383-6B85436E12DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.11\",\"matchCriteriaId\":\"11274E95-438A-449A-B100-01B2B0046669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"357AA433-37E8-4323-BFB2-3038D6E4B414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A73429BA-C2D9-4D0C-A75F-06A1CA8B3983\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F621B5E3-E99D-49E7-90B9-EC3B77C95383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7BFDCAA-1650-49AA-8462-407DD593F94F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EC9882F-866D-4ACB-8FBC-213D8D8436C8\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/451f1eded7f56e93aaf52eb547ba97742d9c0e97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c26ac0ea3a91c210cf90452e625dc441adf3e549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d6692b3b97bdc165d150f4c1505751a323a80717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.