Bug 2063236 (CVE-2021-39713) - CVE-2021-39713 kernel: race condition in the network scheduling subsystem could lead to a use-after-free
Keywords:
Status: NEW
Alias: CVE-2021-39713
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact: Li Shuang
URL:
Whiteboard:
Depends On: 2063237 2063841 2063842 2063843 2063844 2063845 2063846 2063847 2063848 2063849 2063850 2063851 2063852 2064650
Blocks: 2063238
Reported: 2022-03-11 14:55 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-10-10 19:32 UTC (History)

Fixed In Version: kernel 5.1 rc1
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s network scheduling subsystem due to a race condition. This flaw allows a local user to cause a denial of service (memory corruption or crash) or privilege escalation.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Guilherme de Almeida Suckevicz 2022-03-11 14:55:38 UTC
The syzbot tool found a race condition in the network scheduling subsystem which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation.

References and upstream patches:
https://source.android.com/security/bulletin/pixel/2022-03-01
https://android.googlesource.com/kernel/common/+/e368fdb61d8e7
https://android.googlesource.com/kernel/common/+/9d7e82cec35c0
https://android.googlesource.com/kernel/common/+/3a7d0d07a3867
https://android.googlesource.com/kernel/common/+/86bd446b5cebd
https://android.googlesource.com/kernel/common/+/6f99528e97977

Comment 1 Guilherme de Almeida Suckevicz 2022-03-11 14:57:12 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2063237]

Comment 2 Justin M. Forbes 2022-03-11 17:05:01 UTC
These fixes went upstream in 4.20 and were addressed in Fedora with the 4.20.x kernel rebases.
