SB20240531166 - Use-after-free in Linux kernel nfc

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2021-47068)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6
• https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570
• https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c
• https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
• https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c
• https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e
• https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91
• https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299
• https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.119