Bug 2027201 (CVE-2021-4028)
| Summary: | CVE-2021-4028 kernel: use-after-free in RDMA listen() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, asavkov, bhu, brdeoliv, bskeggs, carnil, chwhite, crwood, ctoe, dhoward, dvlasenk, eshatokhin, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, mchehab, michal.skrivanek, mperina, nmurray, nobody, ptalbert, qzhao, rhandlin, rvrbovsk, sbonazzo, scweaver, security-response-team, steve.beattie, steved, vkumar, walters, williams, ycote |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.15-rc1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-06-03 16:42:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2032068, 2032069, 2032070, 2032071, 2032072, 2032073, 2032074, 2032075, 2032076, 2032077, 2032079, 2032080, 2032081, 2032082, 2033241, 2033242, 2033351, 2033352, 2033353, 2033355, 2033356, 2033357, 2033359, 2033360, 2033361, 2033362, 2033363, 2033364, 2056588, 2069037 | ||
| Bug Blocks: | 2026963 | ||
|
Description
Wade Mealing
2021-11-29 06:01:09 UTC
Investigation is ongoing for this issue to qualify it better than what I currently understand it. Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2032068] Is this issue know to upstream, is there an upstream fix? I'm trying to properly track this CVE in Debian, but was unable to isolate an upstream commit relating to it. Possible to share information on the CVE in question? Is the assessment from https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0 correct? This was fixed for Fedora with the 5.14.10 stable kernel updates. Added 2032070 to depends list. Created oVirt tracking bug for this issue: Affects: oVirt Node 4.4 [2056588] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0590 https://access.redhat.com/errata/RHSA-2022:0590 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0629 https://access.redhat.com/errata/RHSA-2022:0629 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0636 https://access.redhat.com/errata/RHSA-2022:0636 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0771 https://access.redhat.com/errata/RHSA-2022:0771 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0772 https://access.redhat.com/errata/RHSA-2022:0772 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0777 https://access.redhat.com/errata/RHSA-2022:0777 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0823 https://access.redhat.com/errata/RHSA-2022:0823 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0851 https://access.redhat.com/errata/RHSA-2022:0851 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958 Sadly, I couldnt make trackers for a product when the tool would not make trackers at the time. I am kinda confused how it made the other current stream and not 8.7 GA. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1185 https://access.redhat.com/errata/RHSA-2022:1185 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1198 https://access.redhat.com/errata/RHSA-2022:1198 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1199 https://access.redhat.com/errata/RHSA-2022:1199 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2022:1324 https://access.redhat.com/errata/RHSA-2022:1324 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Via RHSA-2022:1373 https://access.redhat.com/errata/RHSA-2022:1373 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1535 https://access.redhat.com/errata/RHSA-2022:1535 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1555 https://access.redhat.com/errata/RHSA-2022:1555 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1550 https://access.redhat.com/errata/RHSA-2022:1550 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2022:2189 https://access.redhat.com/errata/RHSA-2022:2189 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2022:2188 https://access.redhat.com/errata/RHSA-2022:2188 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2022:2186 https://access.redhat.com/errata/RHSA-2022:2186 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2022:2211 https://access.redhat.com/errata/RHSA-2022:2211 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4028 |