{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect\n\nIt's possible to trigger NULL pointer dereference by local unprivileged\nuser, when calling getsockname() after failed bind() (e.g. the bind\nfails because LLCP_SAP_MAX used as SAP):\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n CPU: 1 PID: 426 Comm: llcp_sock_getna Not tainted 5.13.0-rc2-next-20210521+ #9\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1 04/01/2014\n Call Trace:\n llcp_sock_getname+0xb1/0xe0\n __sys_getpeername+0x95/0xc0\n ? lockdep_hardirqs_on_prepare+0xd5/0x180\n ? syscall_enter_from_user_mode+0x1c/0x40\n __x64_sys_getpeername+0x11/0x20\n do_syscall_64+0x36/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis can be reproduced with Syzkaller C repro (bind followed by\ngetpeername):\nhttps://syzkaller.appspot.com/x/repro.c?x=14def446e00000" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { "version": "d646960f7986", "lessThan": "eb6875d48590", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "39c15bd2e5d1", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "ffff05b9ee5c", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "93e4ac2a9979", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "5d4c4b06ed9f", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "48ee0db61c82", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "0c4559736d9a", "status": "affected", "versionType": "git" }, { "version": "d646960f7986", "lessThan": "4ac06a1e013c", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { "version": "3.3", "status": "affected" }, { "version": "0", "lessThan": "3.3", "status": "unaffected", "versionType": "custom" }, { "version": "4.4.272", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.9.272", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.14.236", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.19.194", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.4.125", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.43", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.12.10", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477" }, { "url": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94" }, { "url": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9" }, { "url": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f" }, { "url": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70" }, { "url": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2" }, { "url": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b" }, { "url": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba" } ], "title": "nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect", "x_generator": { "engine": "bippy-8df59b4913de" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2021-47115", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }