Bug 1943282 (CVE-2021-20297)

Summary: CVE-2021-20297 NetworkManager: Profile with match.path setting triggers crash
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acardace, atragler, bgalvani, bmontgom, dcbw, dmoppert, eparis, fgiudici, gnome-sig, jburrell, jokerman, lkundrak, lrintel, mclasen, nm-team, nstielau, rkhan, rstrode, sandmann, security-response-team, sponnaga, sukulkar, till
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: NetworkManager 1.30.0 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in NetworkManager. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 20:38:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1946668, 1942741, 1944465, 1944952, 1944977    
Bug Blocks: 1943283    

Description Pedro Sampaio 2021-03-25 17:38:38 UTC 
A flaw was found in NetworkManager. Setting match.path and activating a profiles crashes NetworkManager.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1942741
Comment 4 Till Maas 2021-03-29 18:24:16 UTC 
The original issue was already public and the fix is also available upstream: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27 therefore it seems to late to keep the issue non public.
Comment 5 Mark Cooper 2021-03-30 00:50:18 UTC 
In reply to comment #4:
> The original issue was already public and the fix is also available
> upstream:
> https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/
> 420784e342da4883f6debdfe10cde68507b10d27 therefore it seems to late to keep
> the issue non public.

I absolutely agree and not sure why it was embargoed. We'll sort it out today.
Comment 6 Mark Cooper 2021-03-30 01:14:35 UTC 
Created NetworkManager tracking bugs for this issue:

Affects: fedora-all [bug 1944465]
Comment 14 errata-xmlrpc 2021-05-18 13:14:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1574 https://access.redhat.com/errata/RHSA-2021:1574
Comment 15 errata-xmlrpc 2021-05-18 13:21:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1574 https://access.redhat.com/errata/RHSA-2021:1574
Comment 16 Product Security DevOps Team 2021-05-18 20:38:36 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20297