Bug 1993988 (CVE-2021-3715) - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c
Summary: CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3715
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1824071 1992926 1994012 1994013 1994014 1994015 1994016 1994018 1994019 1994020 1994463 1996610 1996611 1997195 1997756
Blocks: 2002252 1993312
TreeView+ depends on / blocked
 
Reported: 2021-08-16 13:49 UTC by Petr Matousek
Modified: 2021-09-24 11:12 UTC (History)
61 users (show)

Fixed In Version: Kernel 5.10
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-09-07 20:33:34 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:3438 0 None None None 2021-09-07 15:26:57 UTC
Red Hat Product Errata RHSA-2021:3439 0 None None None 2021-09-07 14:57:43 UTC
Red Hat Product Errata RHSA-2021:3441 0 None None None 2021-09-07 15:25:59 UTC
Red Hat Product Errata RHSA-2021:3442 0 None None None 2021-09-07 14:56:45 UTC
Red Hat Product Errata RHSA-2021:3443 0 None None None 2021-09-07 15:07:10 UTC
Red Hat Product Errata RHSA-2021:3444 0 None None None 2021-09-07 15:21:07 UTC
Red Hat Product Errata RHSA-2021:3445 0 None None None 2021-09-07 15:14:21 UTC
Red Hat Product Errata RHSA-2021:3446 0 None None None 2021-09-07 16:46:57 UTC
Red Hat Product Errata RHSA-2021:3477 0 None None None 2021-09-09 09:22:22 UTC

Description Petr Matousek 2021-08-16 13:49:46 UTC
A flaw was found in the way the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem handled changing of classification filters leading to user-after-free condition. An unprivileged local user could use this flaw to escalate their privileges on the system.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359

Comment 24 errata-xmlrpc 2021-09-07 14:56:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3442 https://access.redhat.com/errata/RHSA-2021:3442

Comment 25 errata-xmlrpc 2021-09-07 14:57:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3439 https://access.redhat.com/errata/RHSA-2021:3439

Comment 26 errata-xmlrpc 2021-09-07 15:07:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3443 https://access.redhat.com/errata/RHSA-2021:3443

Comment 27 errata-xmlrpc 2021-09-07 15:14:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3445 https://access.redhat.com/errata/RHSA-2021:3445

Comment 28 errata-xmlrpc 2021-09-07 15:21:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3444 https://access.redhat.com/errata/RHSA-2021:3444

Comment 29 errata-xmlrpc 2021-09-07 15:25:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3441 https://access.redhat.com/errata/RHSA-2021:3441

Comment 30 errata-xmlrpc 2021-09-07 15:26:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3438 https://access.redhat.com/errata/RHSA-2021:3438

Comment 31 errata-xmlrpc 2021-09-07 16:46:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3446 https://access.redhat.com/errata/RHSA-2021:3446

Comment 32 Product Security DevOps Team 2021-09-07 20:33:34 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3715

Comment 34 errata-xmlrpc 2021-09-09 09:22:17 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:3477 https://access.redhat.com/errata/RHSA-2021:3477


Note You need to log in before you can comment on or make changes to this bug.