DEBIAN-CVE-2021-47482
- Source
- https://security-tracker.debian.org/tracker/CVE-2021-47482
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47482.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-47482
- Upstream
- Published
- 2024-05-22T09:15:10.150Z
- Modified
- 2025-11-20T10:15:20.780206Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree(). The problem was in wrong error handling in batadvmeshinit(). Before this patch batadvmeshinit() was calling batadvmeshfree() in case of any batadvinit() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing batpriv->nc.work, syzbot was able to hit GPF in batadvncpurgepaths(), because hash pointer in still NULL. [1] To fix these bugs we can unwind batadvinit() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won't call unneeded batadvfree() functions. So, this patch makes all batadvinit() clean up all allocated memory before returning with an error to no call correspoing batadv*free() and open-codes batadvmesh_free() with proper order to avoid touching uninitialized fields.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source