CVE-2021-47517

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 24/05/2024
Last modified: 01/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ethtool: do not perform operations on net devices being unregistered

There is a short period between a net device starts to be unregistered and when it is actually gone. In that time frame ethtool operations could still be performed, which might end up in unwanted or undefined behaviours[1].

Do not allow ethtool operations after a net device starts its unregistration. This patch targets the netlink part as the ioctl one isn't affected: the reference to the net device is taken and the operation is executed within an rtnl lock section and the net device won't be found after unregister.

[1] For example adding Tx queues after unregister ends up in NULL pointer exceptions and UaFs, such as:

  BUG: KASAN: use-after-free in kobject_get+0x14/0x90
  Read of size 1 at addr ffff88801961248c by task ethtool/755

  CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014
  Call Trace:
  dump_stack_lvl+0x57/0x72
  print_address_description.constprop.0+0x1f/0x140
  kasan_report.cold+0x7f/0x11b
  kobject_get+0x14/0x90
  kobject_add_internal+0x3d1/0x450
  kobject_init_and_add+0xba/0xf0
  netdev_queue_update_kobjects+0xcf/0x200
  netif_set_real_num_tx_queues+0xb4/0x310
  veth_set_channels+0x1c3/0x550
  ethnl_set_channels+0x524/0x610

Vulnerable products and versions

CPE                                                 From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.6 (including)    5.10.87 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.11 (including)   5.15.8 (excluding)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
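
For triage, the version ranges in the table above can be applied to `uname -r` style release strings. The following is an added example, not part of the advisory or the kernel project; the function names and the ordering of `-rcN` builds before their final release are assumptions. A match only means the upstream version falls in a listed range, since distribution kernels may carry the fix as a backport under an older version number.

```python
import re

FINAL = 10**6  # rank of a final release; every -rcN build ranks below it (assumption)

# Rows of the CPE table above: (from, inclusive), (up to, exclusive).
AFFECTED_RANGES = [
    ((5, 6, 0, FINAL), (5, 10, 87, FINAL)),
    ((5, 11, 0, FINAL), (5, 15, 8, FINAL)),
]
# Release candidates the table lists one by one: 5.16-rc1 to 5.16-rc4.
AFFECTED_EXACT = {(5, 16, 0, rc) for rc in range(1, 5)}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Turn a release string into a sortable (major, minor, patch, rc_rank) tuple.

    Distribution suffixes such as "-8-amd64" or a trailing "+" are ignored.
    """
    m = _RELEASE_RE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)


def listed_as_affected(release):
    """True if the release falls in a range or pre-release listed in the table."""
    v = parse_release(release)
    return v in AFFECTED_EXACT or any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    import platform

    # Constructed sample releases, followed by the local kernel if it parses.
    samples = ["5.15.0-rc6+", "5.10.86", "5.10.87", "5.15.8", "5.16.0-rc4"]
    for rel in samples + [platform.release()]:
        try:
            verdict = "listed as affected" if listed_as_affected(rel) else "not listed"
        except ValueError as exc:
            verdict = str(exc)
        print(f"{rel}: {verdict}")
```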