A flaw in the Linux kernels NFC implementation allowed local unpriviledged users to cause a kernel panic to create a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. Reference and upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ac06a1e013cf5fdd963317ffd3b968560f33bba
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1992811]
This was fixed for Fedora with the 5.12.10 stable kernel updates.
this is a duplicate of 1968057 [0]. [0] https://bugzilla.redhat.com/show_bug.cgi?id=1968057
(In reply to Gianluca Gabrielli from comment #7) > this is a duplicate of 1968057 [0]. > > [0] https://bugzilla.redhat.com/show_bug.cgi?id=1968057 indeed, it looks that way. thanks Gianluca for the heads up. I'm bringing it up internally so that we can initiate the process of marking one CVE as a duplicate of the other and then we're gonna deal with the flaw bugs. thanks! petr
*** Bug 1968057 has been marked as a duplicate of this bug. ***
In reply to comment #9: > *** Bug 1968057 has been marked as a duplicate of this bug. *** ref: https://www.openwall.com/lists/oss-security/2021/08/24/2
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-38208