Bug 2261974 (CVE-2021-33630) - CVE-2021-33630 kernel: net/sched: cbs NULL pointer dereference when offloading is enabled
Keywords:
Status: NEW
Alias: CVE-2021-33630
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2261978
Reported: 2024-01-30 16:55 UTC by Mauro Matteo Cascella
Modified: 2024-02-28 06:19 UTC

Fixed In Version: kernel 5.4-rc1
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the Linux kernel's network scheduler. This issue occurs because, when offloading is enabled, the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user to cause a denial of service condition.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Mauro Matteo Cascella 2024-01-30 16:55:37 UTC
A flaw was found in the network scheduler in the Linux kernel. The problem happens because, when offloading is enabled, the cbs instance is not added to the list. Also, the code did not correctly handle the case when offload is disabled without removing the qdisc. This could lead to a NULL pointer dereference issue.

Upstream commit:
https://github.com/torvalds/linux/commit/3e8b9bfa110896f95d602d8c98d5f9d67e41d78c

References:
https://www.openwall.com/lists/oss-security/2024/01/30/3
https://nvd.nist.gov/vuln/detail/CVE-2021-33630

Comment 3 Mauro Matteo Cascella 2024-01-31 09:14:13 UTC
This CVE was fixed upstream in kernel version 5.4. The kernel packages as shipped in Red Hat Enterprise Linux 8 were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2020:1769

kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2020:1567

