CVE-2021-47597
- Source
- https://cve.org/CVERecord?id=CVE-2021-47597
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47597.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-47597
- Downstream
- Related
- Published
- 2024-06-19T15:15:54.290Z
- Modified
- 2026-03-14T01:39:30.185555Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
inet_diag: fix kernel-infoleak for UDP sockets
KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users.
After analysis it turned out UDP was not initializing r->idiagexpires. Other users of inetskdiagfill() might make the same mistake in the future, so fix this in inetskdiag_fill().
[1] BUG: KMSAN: kernel-infoleak in instrumentcopytouser include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/ioviter.c:156 [inline] BUG: KMSAN: kernel-infoleak in copytoiter+0x69d/0x25c0 lib/ioviter.c:670 instrumentcopytouser include/linux/instrumented.h:121 [inline] copyout lib/ioviter.c:156 [inline] copytoiter+0x69d/0x25c0 lib/ioviter.c:670 copytoiter include/linux/uio.h:155 [inline] simplecopyto_iter+0xf3/0x140 net/core/datagram.c:519 __skbdatagramiter+0x2cb/0x1280 net/core/datagram.c:425 skbcopydatagramiter+0xdc/0x270 net/core/datagram.c:533 skbcopydatagrammsg include/linux/skbuff.h:3657 [inline] netlinkrecvmsg+0x660/0x1c60 net/netlink/afnetlink.c:1974 sockrecvmsgnosec net/socket.c:944 [inline] sockrecvmsg net/socket.c:962 [inline] sockreaditer+0x5a9/0x630 net/socket.c:1035 callreaditer include/linux/fs.h:2156 [inline] newsyncread fs/readwrite.c:400 [inline] vfsread+0x1631/0x1980 fs/readwrite.c:481 ksysread+0x28c/0x520 fs/readwrite.c:619 __dosysread fs/read_write.c:629 [inline] __sesysread fs/read_write.c:627 [inline] _x64sysread+0xdb/0x120 fs/readwrite.c:627 dosyscallx64 arch/x86/entry/common.c:51 [inline] dosyscall64+0x54/0xd0 arch/x86/entry/common.c:82 entrySYSCALL64afterhwframe+0x44/0xae
Uninit was created at: slabpostallochook mm/slab.h:524 [inline] slaballoc_node mm/slub.c:3251 [inline] __kmallocnodetrackcaller+0xe0c/0x1510 mm/slub.c:4974 kmallocreserve net/core/skbuff.c:354 [inline] __allocskb+0x545/0xf90 net/core/skbuff.c:426 allocskb include/linux/skbuff.h:1126 [inline] netlinkdump+0x3d5/0x16a0 net/netlink/afnetlink.c:2245 __netlinkdumpstart+0xd1c/0xee0 net/netlink/afnetlink.c:2370 netlinkdumpstart include/linux/netlink.h:254 [inline] inetdiaghandlercmd+0x2e7/0x400 net/ipv4/inetdiag.c:1343 sockdiagrcvmsg+0x24a/0x620 netlinkrcvskb+0x447/0x800 net/netlink/afnetlink.c:2491 sockdiagrcv+0x63/0x80 net/core/sockdiag.c:276 netlinkunicastkernel net/netlink/afnetlink.c:1319 [inline] netlinkunicast+0x1095/0x1360 net/netlink/afnetlink.c:1345 netlinksendmsg+0x16f3/0x1870 net/netlink/afnetlink.c:1916 socksendmsgnosec net/socket.c:704 [inline] socksendmsg net/socket.c:724 [inline] sockwriteiter+0x594/0x690 net/socket.c:1057 doiterreadvwritev+0xa7f/0xc70 doiterwrite+0x52c/0x1500 fs/readwrite.c:851 vfswritev fs/readwrite.c:924 [inline] dowritev+0x63f/0xe30 fs/readwrite.c:967 __dosyswritev fs/read_write.c:1040 [inline] __sesyswritev fs/read_write.c:1037 [inline] _x64syswritev+0xe5/0x120 fs/readwrite.c:1037 dosyscallx64 arch/x86/entry/common.c:51 [inline] dosyscall64+0x54/0xd0 arch/x86/entry/common.c:82 entrySYSCALL64afterhwframe+0x44/0xae
Bytes 68-71 of 312 are uninitialized Memory access of size 312 starts at ffff88812ab54000 Data copied to user address 0000000020001440
CPU: 1 PID: 6365 Comm: syz-executor801 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
- References
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47597.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "3.3"
},
{
"fixed": "5.4.168"
}
]
},
{
"events": [
{
"introduced": "5.5"
},
{
"fixed": "5.10.88"
}
]
},
{
"events": [
{
"introduced": "5.11"
},
{
"fixed": "5.15.11"
}
]
}
]