SB20240603199 - Improper error handling in Linux kernel batman-adv

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper error handling (CVE-ID: CVE-2021-47482)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the batadv_tt_init() function in net/batman-adv/translation-table.c, within the batadv_nc_mesh_init() function in net/batman-adv/network-coding.c, within the batadv_mesh_init() function in net/batman-adv/main.c, within the batadv_bla_init() function in net/batman-adv/bridge_loop_avoidance.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0c6b199f09be489c48622537a550787fc80aea73
• https://git.kernel.org/stable/c/07533f1a673ce1126d0a72ef1e4b5eaaa3dd6d20
• https://git.kernel.org/stable/c/e50f957652190b5a88a8ebce7e5ab14ebd0d3f00
• https://git.kernel.org/stable/c/fbf150b16a3635634b7dfb7f229d8fcd643c6c51
• https://git.kernel.org/stable/c/6422e8471890273994fe8cc6d452b0dcd2c9483e
• https://git.kernel.org/stable/c/b0a2cd38553c77928ef1646ed1518486b1e70ae8
• https://git.kernel.org/stable/c/a8f7359259dd5923adc6129284fdad12fc5db347
• https://git.kernel.org/stable/c/6f68cd634856f8ca93bafd623ba5357e0f648c68
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.254
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.293
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.289
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.77
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.157