CVE-2021-47591
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 19/06/2024
Last modified: 01/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

mptcp: remove tcp ulp setsockopt support

TCP_ULP setsockopt cannot be used for mptcp because it's already
used internally to plumb subflow (tcp) sockets to the mptcp layer.

syzbot managed to trigger a crash for mptcp connections that are
in fallback mode:

KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 1083 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0
RIP: 0010:tls_build_proto net/tls/tls_main.c:776 [inline]
[..]
__tcp_set_ulp net/ipv4/tcp_ulp.c:139 [inline]
tcp_set_ulp+0x428/0x4c0 net/ipv4/tcp_ulp.c:160
do_tcp_setsockopt+0x455/0x37c0 net/ipv4/tcp.c:3391
mptcp_setsockopt+0x1b47/0x2400 net/mptcp/sockopt.c:638

Remove support for TCP_ULP setsockopt.
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13 (including) | 5.15.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:* | | |