CVE-2021-47457

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/05/2024
Last modified:
29/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()

Using wait_event_interruptible() to wait for complete transmission,
but do not check the result of wait_event_interruptible() which can be
interrupted. It will result in TX buffer has multiple accessors and
the later process interferes with the previous process.

Following is one of the problems reported by syzbot.

=============================================================
WARNING: CPU: 0 PID: 0 at net/can/isotp.c:840 isotp_tx_timer_handler+0x2e0/0x4c0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.13.0-rc7+ #68
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014
RIP: 0010:isotp_tx_timer_handler+0x2e0/0x4c0
Call Trace:
? isotp_setsockopt+0x390/0x390
__hrtimer_run_queues+0xb8/0x610
hrtimer_run_softirq+0x91/0xd0
? rcu_read_lock_sched_held+0x4d/0x80
__do_softirq+0xe8/0x553
irq_exit_rcu+0xf8/0x100
sysvec_apic_timer_interrupt+0x9e/0xc0
asm_sysvec_apic_timer_interrupt+0x12/0x20

Add result check for wait_event_interruptible() in isotp_sendmsg()
to avoid multiple accessors for tx buffer.
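The unchecked-wait pattern described above, as an added user-space model; it is not the kernel's code or the upstream patch. The `model_sock`, `model_wait`, `model_send` and `scenario` names are hypothetical, the signal is simulated by a flag, and the payload strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#define ERESTARTSYS 512 /* kernel-internal errno value, absent from user-space headers */

enum tx_state { TX_IDLE, TX_SENDING };
struct model_sock {            /* hypothetical stand-in for the socket's TX side */
    enum tx_state state;
    char buf[16];
    int writers;               /* senders that wrote buf during the current PDU */
};

/* Models wait_event_interruptible(): 0 once TX is idle, -ERESTARTSYS on a signal. */
static int model_wait(struct model_sock *so, int signal_pending)
{
    if (signal_pending)
        return -ERESTARTSYS;   /* woken early, the PDU is still in flight */
    so->state = TX_IDLE;
    so->writers = 0;
    return 0;
}

static int model_send(struct model_sock *so, const char *data,
                      int signal_pending, int check_result)
{
    if (so->state != TX_IDLE) {
        int err = model_wait(so, signal_pending);
        if (check_result && err)
            return err;        /* the fix: leave the buffer to its current owner */
    }
    so->state = TX_SENDING;
    so->writers++;
    return snprintf(so->buf, sizeof(so->buf), "%s", data);
}

/* First send starts a PDU; the second is interrupted while waiting for it. */
static int scenario(int check_result, struct model_sock *so)
{
    memset(so, 0, sizeof(*so));
    model_send(so, "first", 0, check_result);
    return model_send(so, "second", 1, check_result);
}

int main(void)
{
    struct model_sock so;
    for (int check = 0; check <= 1; check++) {
        int rc = scenario(check, &so);
        printf("check=%d rc=%d writers=%d buf=%s\n", check, rc, so.writers, so.buf);
    }
    return 0;
}
```

With the result ignored, the interrupted sender overwrites a buffer that still belongs to the first transmission; with the check, it returns the error and the buffer keeps a single owner.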

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10 (including) 5.10.76 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.14.15 (excluding)
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*