From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: CVE-2021-47285: net/nfc/rawsock.c: fix a permission check bug
Date: Tue, 21 May 2024 16:20:39 +0200 [thread overview]
Message-ID: <2024052155-CVE-2021-47285-4fee@gregkh> (raw)
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net/nfc/rawsock.c: fix a permission check bug
The function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable().
The Linux kernel CVE team has assigned CVE-2021-47285 to this issue.
Affected and fixed versions
===========================
Fixed in 4.4.273 with commit c08e0be44759
Fixed in 4.9.273 with commit d6a21a3fb033
Fixed in 4.14.237 with commit 38cb2e23188a
Fixed in 4.19.195 with commit ec72482564ff
Fixed in 5.4.126 with commit f3ed12af6bbb
Fixed in 5.10.44 with commit 1e5cab50208c
Fixed in 5.12.11 with commit 90d0a3c76965
Fixed in 5.13 with commit 8ab78863e9ef
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2021-47285
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/nfc/rawsock.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c08e0be44759d0b5affc5888be4aa5e536873335
https://git.kernel.org/stable/c/d6a21a3fb03300fbaa9fc3ed99f8b0962ce28362
https://git.kernel.org/stable/c/38cb2e23188af29c43966acee9dbb18b62e26cfe
https://git.kernel.org/stable/c/ec72482564ff99c6832d33610d9f8ab7ecc81b6d
https://git.kernel.org/stable/c/f3ed12af6bbbaf79eddb0ae14656b8ecacea74f0
https://git.kernel.org/stable/c/1e5cab50208c8fb7351b798cb1d569debfeb994a
https://git.kernel.org/stable/c/90d0a3c76965d7a10fc87c07be3e9714e2130d5c
https://git.kernel.org/stable/c/8ab78863e9eff11910e1ac8bcf478060c29b379e
reply other threads:[~2024-05-21 14:23 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024052155-CVE-2021-47285-4fee@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.