CVE-2021-47482 Affecting kernel-preempt package, versions <5.3.18-150300.59.164.1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES153-KERNELPREEMPT-7367655
- published25 Jun 2024
- disclosed24 Jun 2024
Introduced: 24 Jun 2024
CVE-2021-47482 (opens in a new tab)How to fix?
Upgrade SLES:15.3 kernel-preempt to version 5.3.18-150300.59.164.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-preempt package and not the kernel-preempt package as distributed by SLES.
See How to fix? for SLES:15.3 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
net: batman-adv: fix error handling
Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init().
Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any.
All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1]
To fix these bugs we can unwind batadv_*init() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won't call unneeded batadv*_free() functions.
So, this patch makes all batadv_*init() clean up all allocated memory before returning with an error to no call correspoing batadv*_free() and open-codes batadv_mesh_free() with proper order to avoid touching uninitialized fields.
References
- https://www.suse.com/security/cve/CVE-2021-47482.html
- https://bugzilla.suse.com/1224909
- https://git.kernel.org/stable/c/07533f1a673ce1126d0a72ef1e4b5eaaa3dd6d20
- https://git.kernel.org/stable/c/0c6b199f09be489c48622537a550787fc80aea73
- https://git.kernel.org/stable/c/6422e8471890273994fe8cc6d452b0dcd2c9483e
- https://git.kernel.org/stable/c/6f68cd634856f8ca93bafd623ba5357e0f648c68
- https://git.kernel.org/stable/c/a8f7359259dd5923adc6129284fdad12fc5db347
- https://git.kernel.org/stable/c/b0a2cd38553c77928ef1646ed1518486b1e70ae8
- https://git.kernel.org/stable/c/e50f957652190b5a88a8ebce7e5ab14ebd0d3f00
- https://git.kernel.org/stable/c/fbf150b16a3635634b7dfb7f229d8fcd643c6c51