Bug 1922249 (CVE-2021-3347)

Summary: CVE-2021-3347 kernel: Use after free via PI futex state
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, allarkin, asavkov, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, dhoward, dramseur, dvlasenk, eshatokhin, fhrbata, hannsj_uhl, hdegoede, hkrzesin, itamar, jarodwilson, jeremy, jforbes, jglisse, jhunter, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, kcarcia, kent, kernel-maint, kernel-mgr, kmitts, kpatch-maint, lgoncalv, linville, masami256, mchehab, mgala, mickygough, mjudeiki, mlangsdo, mvanderw, nmurray, ptalbert, qzhao, rhandlin, rvrbovsk, steved, walters, williams, woodard, ycote
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-06 17:35:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1922251, 1924629, 1924630, 1924631, 1924632, 1924633, 1924635, 1924636, 1924637, 1924638, 1924639, 1924640, 1925100, 1925101, 1925102, 1925106, 1935103, 1935104, 1935105, 1935106, 1935107, 1935108, 1935109, 1935110, 1935111, 1935112, 1935113, 1935114, 1935115, 1935116, 1935117, 1935118, 1949012, 1949013, 1949014, 1949015    
Bug Blocks: 1922250    

Description Pedro Sampaio 2021-01-29 14:18:30 UTC 
A flaw was found in the Linux kernel. A use after free issue in PI futex may lead to code execution.

Upstream patch:

https://github.com/torvalds/linux/commit/c64396cc36c6e60704ab06c1fb1c4a46179c9120

References:

https://www.openwall.com/lists/oss-security/2021/01/29/1
Comment 1 Pedro Sampaio 2021-01-29 14:20:01 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1922251]
Comment 11 Fedora Update System 2021-02-05 01:32:33 UTC 
FEDORA-2021-6e805a5051 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 12 Fedora Update System 2021-02-05 01:58:31 UTC 
FEDORA-2021-879c756377 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 15 errata-xmlrpc 2021-04-06 13:58:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1081 https://access.redhat.com/errata/RHSA-2021:1081
Comment 16 errata-xmlrpc 2021-04-06 14:17:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1093 https://access.redhat.com/errata/RHSA-2021:1093
Comment 18 Product Security DevOps Team 2021-04-06 17:35:28 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3347
Comment 19 Product Security DevOps Team 2021-04-06 23:35:20 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3347
Comment 21 errata-xmlrpc 2021-04-20 13:02:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1279 https://access.redhat.com/errata/RHSA-2021:1279
Comment 22 errata-xmlrpc 2021-04-20 13:16:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1272 https://access.redhat.com/errata/RHSA-2021:1272
Comment 23 errata-xmlrpc 2021-04-20 20:46:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1295 https://access.redhat.com/errata/RHSA-2021:1295
Comment 24 errata-xmlrpc 2021-04-27 07:21:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:1379 https://access.redhat.com/errata/RHSA-2021:1379
Comment 25 errata-xmlrpc 2021-05-25 06:43:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2099 https://access.redhat.com/errata/RHSA-2021:2099
Comment 26 errata-xmlrpc 2021-05-25 15:54:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2106 https://access.redhat.com/errata/RHSA-2021:2106
Comment 27 errata-xmlrpc 2021-06-08 09:09:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2285 https://access.redhat.com/errata/RHSA-2021:2285
Comment 28 errata-xmlrpc 2021-06-08 22:31:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314
Comment 29 errata-xmlrpc 2021-06-08 22:32:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316
Comment 30 errata-xmlrpc 2021-07-20 20:20:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:2733 https://access.redhat.com/errata/RHSA-2021:2733
Comment 31 errata-xmlrpc 2021-07-20 20:54:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2021:2735 https://access.redhat.com/errata/RHSA-2021:2735
Comment 32 errata-xmlrpc 2021-07-20 21:15:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:2732 https://access.redhat.com/errata/RHSA-2021:2732
Comment 33 errata-xmlrpc 2021-07-20 21:24:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:2730 https://access.redhat.com/errata/RHSA-2021:2730
Comment 34 errata-xmlrpc 2021-07-21 00:02:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2021:2731 https://access.redhat.com/errata/RHSA-2021:2731
Comment 36 errata-xmlrpc 2021-08-31 19:45:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:3399 https://access.redhat.com/errata/RHSA-2021:3399
Comment 37 errata-xmlrpc 2021-09-14 08:44:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2021:3522 https://access.redhat.com/errata/RHSA-2021:3522
Comment 38 errata-xmlrpc 2021-09-14 08:44:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2021:3523 https://access.redhat.com/errata/RHSA-2021:3523