2063228 – (CVE-2021-39698) CVE-2021-39698 kernel: use-after-free in the file polling implementation

Bug 2063228 (CVE-2021-39698) - CVE-2021-39698 kernel: use-after-free in the file polling implementation

Summary: CVE-2021-39698 kernel: use-after-free in the file polling implementation

Keywords:
Status:	NEW
Alias:	CVE-2021-39698
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2063229 2063627 2063628 2063629 2063630 2063631 2063632 2063633 2063634 2063635 2063636 2063637 2063638 2063639 2063640 2063641 2063642 2063643 2063644 2063645 2063646 2063647 2063648 2063649 2063650 2063651 2063652 2063653 2063654 2063655 2063656 2063657 2063658 2063694 2063695 2065566
Blocks:	2063231
TreeView+	depends on / blocked

Reported:	2022-03-11 14:42 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-10-10 19:40 UTC (History)
CC List:	60 users (show)
Fixed In Version:	kernel 5.16 rc5
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel’s file polling implementation in kernel/sched/wait.c., which leads to a use-after-free problem. This flaw allows a local user to cause a denial of service (memory corruption or crash) or privilege escalation.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-03-11 14:42:01 UTC

A vulnerability was found in the file polling implementation, which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation.

References and upstream patches:
https://source.android.com/security/bulletin/2022-03-01
https://android.googlesource.com/kernel/common/+/42288cb44c4b
https://android.googlesource.com/kernel/common/+/a880b28a71e3
https://android.googlesource.com/kernel/common/+/9537bae0da1f
https://android.googlesource.com/kernel/common/+/363bee27e258
https://android.googlesource.com/kernel/common/+/50252e4b5e98

Comment 1 Guilherme de Almeida Suckevicz 2022-03-11 14:43:00 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2063229]

Comment 2 Justin M. Forbes 2022-03-11 16:54:19 UTC

This was fixed for Fedora with the 5.15.8 stable kernel update.

Comment 20 Sandro Bonazzola 2022-03-18 08:34:28 UTC

Created kernel tracking bugs for this issue:

Affects: ovirt-4.4 [bug 2065566]

Comment 31 Rohit Keshri 2022-04-05 13:57:15 UTC

There was no shipped kernel version that was seen affected by this problem.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
aquini
asavkov
bdettelb
bhu
chwhite
crecklin
crwood
dbohanno
dvlasenk
esandeen
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jeremy
jfaracco
jforbes
jglisse
jlelli
jmoyer
joe.lawrence
jonathan
josef
jpoimboe
jshortt
jstancek
jthierry
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
kpatch-maint-bot
lgoncalv
linville
lzampier
masami256
mchehab
michal.skrivanek
mperina
nmurray
nobody
ptalbert
qzhao
rhandlin
rkeshri
rvrbovsk
scweaver
steved
vkumar
walters
williams
xzhou
ycote
zulinx86