[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Linux kernel: CVE-2022-1516: NULL pointer dereference in Linux kernel`s X.25 network
From: duoming () zju ! edu ! cn
Date: 2022-06-19 14:48:04
Message-ID: 5953bcb8.7a23f.1817c6f6683.Coremail.duoming () zju ! edu ! cn
[Download RAW message or body]
Hello there,
A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of
standardized network protocols functionality in the way a user terminates
their session using a simulated Ethernet card and continued usage of this
connection.
=*=*=*=*=*=*=*=*= Bug Details =*=*=*=*=*=*=*=*=
When the link layer is terminating, x25->neighbour will be set to NULL
in x25_disconnect(). As a result, it could cause null-ptr-deref bugs in
x25_sendmsg(),x25_recvmsg() and x25_connect(). One of the bugs is
shown below.
(Thread 1) | (Thread 2)
x25_link_terminated() | x25_recvmsg()
x25_kill_by_neigh() | ...
x25_disconnect() | lock_sock(sk)
... | ...
x25->neighbour = NULL //(1) |
... | x25->neighbour->extended //(2)
The code sets NULL to x25->neighbour in position (1) and dereferences
x25->neighbour in position (2), which could cause null-ptr-deref bug.
=*=*=*=*=*=*=*=*= Bug Effects =*=*=*=*=*=*=*=*=
This flaw allows a local user to crash the system.
=*=*=*=*=*=*=*=*= Bug Fix =*=*=*=*=*=*=*=*=
The patch that have been applied to mainline Linux kernel is shown below.
https://github.com/torvalds/linux/commit/7781607938c8371d4c2b243527430241c62e39c2
=*=*=*=*=*=*=*=*= Timeline =*=*=*=*=*=*=*=*=
2022-03-26: commit 7781607938c8 accepted to mainline kernel
2022-03-26: CVE-2022-1516 is assigned
=*=*=*=*=*=*=*=*= Credit =*=*=*=*=*=*=*=*=
Duoming Zhou <duoming@zju.edu.cn>
Best Regards,
Duoming Zhou
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic