Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-47132— mptcp: fix sk_forward_memory corruption on retransmission

EPSS 0.02% · P6
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-47132

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
mptcp: fix sk_forward_memory corruption on retransmission
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spin_lock, instead of the plain socket lock. Currently we have a code path updating such field without handling the relevant lock: __mptcp_retrans() -> __mptcp_clean_una_wakeup() Several helpers in __mptcp_clean_una_wakeup() will update sk_forward_alloc, possibly causing such field corruption, as reported by Matthieu. Address the issue providing and using a new variant of blamed function which explicitly acquires the msk spin lock.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 mptcp 模块在重传时 sk_forward_memory 方法可能损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 64b9cea7a0afe579dd2682f1f1c04f2e4e72fd25 ~ b9c78b1a95966a7bd2ddae05b73eafc0cda4fba3 -
LinuxLinux 5.12 -

II. Public POCs for CVE-2021-47132

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-47132

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-03-15 · 26 CVEs total

CVE-2021-47122net: caif: fix memory leak in caif_device_notify
CVE-2021-47135mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
CVE-2021-47134efi/fdt: fix panic when no valid fdt found
CVE-2021-47133HID: amd_sfh: Fix memory leak in amd_sfh_work
CVE-2021-47131net/tls: Fix use-after-free after the TLS device goes down and up
CVE-2021-47130nvmet: fix freeing unallocated p2pmem
CVE-2021-47129netfilter: nft_ct: skip expectations for confirmed conntrack
CVE-2021-47128bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
CVE-2021-47127ice: track AF_XDP ZC enabled queues in bitmap
CVE-2021-47126ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
CVE-2021-47125sch_htb: fix refcount leak in htb_parent_to_leaf_offload
CVE-2021-47124io_uring: fix link timeout refs
CVE-2021-47123io_uring: fix ltout double free on completion race
CVE-2021-47109neighbour: allow NUD_NOARP entries to be forced GCed
CVE-2021-47121net: caif: fix memory leak in cfusbl_device_notify
CVE-2021-47120HID: magicmouse: fix NULL-deref on disconnect
CVE-2021-47119ext4: fix memory leak in ext4_fill_super
CVE-2021-47118pid: take a reference when initializing `cad_pid`
CVE-2021-47117ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
CVE-2021-47116ext4: fix memory leak in ext4_mb_init_backend on error path.

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2021-47132

No comments yet

Leave a comment