#VU90232 Use-after-free in Linux kernel - CVE-2021-47103


Vulnerability identifier: #VU90232

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-47103

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the inet6_sk_rx_dst_set(), tcp_v6_do_rcv() and tcp_v6_early_demux() functions in net/ipv6/tcp_ipv6.c, within the udp_sk_rx_dst_set(), __udp4_lib_rcv() and udp_v4_early_demux() functions in net/ipv4/udp.c, within the tcp_v4_do_rcv(), tcp_v4_early_demux(), tcp_prequeue() and inet_sk_rx_dst_set() functions in net/ipv4/tcp_ipv4.c, within the tcp_rcv_established() function in net/ipv4/tcp_input.c, within the tcp_disconnect() function in net/ipv4/tcp.c, within the inet_sock_destruct() function in net/ipv4/af_inet.c. A local user can send specially crafted packets to the system, trigger a use-after-free error and potentially execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100
http://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449
http://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412
http://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e
http://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0
http://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4
http://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-lts-xenial
Ubuntu update for linux-kvm
Ubuntu update for linux
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Remote code execution in Linux kernel