Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2021-47068

Disclosure Date: February 29, 2024 •

CVE-2021-47068 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

net/nfc: fix use-after-free llcp_sock_bind/connect

Commits 8a4cd82d (“nfc: fix refcount leak in llcp_sock_connect()”)
and c33b1cc62 (“nfc: fix refcount leak in llcp_sock_bind()”)
fixed a refcount leak bug in bind/connect but introduced a
use-after-free if the same local is assigned to 2 different sockets.

This can be triggered by the following simple program:

int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );
int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );
memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) );
addr.sa_family = AF_NFC;
addr.nfc_protocol = NFC_PROTO_NFC_DEP;
bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )
bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )
close(sock1);
close(sock2);

Fix this by assigning NULL to llcp_sock->local after calling
nfc_llcp_local_put.

This addresses CVE-2021-23134.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2021-47068 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47068)

Miscellaneous

https://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6

https://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570

https://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c

https://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610

https://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c

https://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e

https://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91

https://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299

https://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6

Rapid7

Unknown

CVE-2021-47068

Unknown

Unknown

None

Low

Local

CVE-2021-47068

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-47068

Unknown

Unknown

None

Low

Local

CVE-2021-47068

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification