Bug 2027201 (CVE-2021-4028) - CVE-2021-4028 kernel: use-after-free in RDMA listen()
Summary: CVE-2021-4028 kernel: use-after-free in RDMA listen()
Status: CLOSED ERRATA
Alias: CVE-2021-4028
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2032076 2032068 2032069 2032070 2032071 2032072 2032073 2032074 2032075 2032077 2032079 2032080 2032081 2032082 2033241 2033242 2033351 2033352 2033353 2033355 2033356 2033357 2033359 2033360 2033361 2033362 2033363 2033364 2056588 2069037
Blocks: 2026963
Reported: 2021-11-29 06:01 UTC by Wade Mealing
Modified: 2022-06-03 16:42 UTC (History)

Fixed In Version: kernel 5.15-rc1
Doc Text:
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
Last Closed: 2022-06-03 16:42:57 UTC


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1044 0 None None None 2022-03-24 07:23:42 UTC
Red Hat Product Errata RHBA-2022:1261 0 None None None 2022-04-06 18:40:45 UTC
Red Hat Product Errata RHBA-2022:1317 0 None None None 2022-04-12 11:21:14 UTC
Red Hat Product Errata RHSA-2022:0590 0 None None None 2022-02-22 09:00:53 UTC
Red Hat Product Errata RHSA-2022:0629 0 None None None 2022-02-22 15:15:40 UTC
Red Hat Product Errata RHSA-2022:0636 0 None None None 2022-02-22 15:54:37 UTC
Red Hat Product Errata RHSA-2022:0771 0 None None None 2022-03-08 15:02:49 UTC
Red Hat Product Errata RHSA-2022:0772 0 None None None 2022-03-08 15:54:07 UTC
Red Hat Product Errata RHSA-2022:0777 0 None None None 2022-03-08 17:51:18 UTC
Red Hat Product Errata RHSA-2022:0823 0 None None None 2022-03-10 15:31:24 UTC
Red Hat Product Errata RHSA-2022:0851 0 None None None 2022-03-14 10:18:58 UTC
Red Hat Product Errata RHSA-2022:0958 0 None None None 2022-03-17 16:28:03 UTC
Red Hat Product Errata RHSA-2022:1185 0 None None None 2022-04-05 08:47:51 UTC
Red Hat Product Errata RHSA-2022:1198 0 None None None 2022-04-05 17:16:11 UTC
Red Hat Product Errata RHSA-2022:1199 0 None None None 2022-04-05 17:16:38 UTC
Red Hat Product Errata RHSA-2022:1263 0 None None None 2022-04-07 09:02:58 UTC
Red Hat Product Errata RHSA-2022:1324 0 None None None 2022-04-12 15:37:09 UTC
Red Hat Product Errata RHSA-2022:1373 0 None None None 2022-04-13 19:58:31 UTC
Red Hat Product Errata RHSA-2022:1535 0 None None None 2022-04-26 16:45:37 UTC
Red Hat Product Errata RHSA-2022:1550 0 None None None 2022-04-26 21:49:53 UTC
Red Hat Product Errata RHSA-2022:1555 0 None None None 2022-04-26 17:10:33 UTC
Red Hat Product Errata RHSA-2022:2186 0 None None None 2022-05-11 15:24:06 UTC
Red Hat Product Errata RHSA-2022:2188 0 None None None 2022-05-11 13:23:53 UTC
Red Hat Product Errata RHSA-2022:2189 0 None None None 2022-05-11 13:21:06 UTC
Red Hat Product Errata RHSA-2022:2211 0 None None None 2022-05-11 18:52:14 UTC
Red Hat Product Errata RHSA-2022:4896 0 None None None 2022-06-03 13:48:30 UTC

Description Wade Mealing 2021-11-29 06:01:09 UTC
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Comment 2 Wade Mealing 2021-11-30 04:14:39 UTC
Investigation is ongoing for this issue to qualify it better than what I currently understand it.

Comment 5 Wade Mealing 2021-12-14 01:43:43 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2032068]

Comment 12 Salvatore Bonaccorso 2021-12-18 21:16:09 UTC
Is this issue known to upstream, is there an upstream fix? I'm trying to properly track this CVE in Debian, but was unable to isolate an upstream commit relating to it. Possible to share information on the CVE in question?

Comment 13 Salvatore Bonaccorso 2021-12-18 21:18:10 UTC
Is the assessment from https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0 correct?

Comment 15 Justin M. Forbes 2022-01-05 14:36:20 UTC
This was fixed for Fedora with the 5.14.10 stable kernel updates.

Comment 17 Wade Mealing 2022-01-10 01:43:30 UTC
Added 2032070 to depends list.

Comment 19 Sandro Bonazzola 2022-02-21 14:33:53 UTC
Created oVirt tracking bug for this issue:

Affects: oVirt Node 4.4 [2056588]

Comment 20 errata-xmlrpc 2022-02-22 09:00:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0590 https://access.redhat.com/errata/RHSA-2022:0590

Comment 21 errata-xmlrpc 2022-02-22 15:15:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0629 https://access.redhat.com/errata/RHSA-2022:0629

Comment 22 errata-xmlrpc 2022-02-22 15:54:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0636 https://access.redhat.com/errata/RHSA-2022:0636

Comment 23 errata-xmlrpc 2022-03-08 15:02:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0771 https://access.redhat.com/errata/RHSA-2022:0771

Comment 24 errata-xmlrpc 2022-03-08 15:54:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0772 https://access.redhat.com/errata/RHSA-2022:0772

Comment 25 errata-xmlrpc 2022-03-08 17:51:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0777 https://access.redhat.com/errata/RHSA-2022:0777

Comment 26 errata-xmlrpc 2022-03-10 15:31:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0823 https://access.redhat.com/errata/RHSA-2022:0823

Comment 27 errata-xmlrpc 2022-03-14 10:18:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0851 https://access.redhat.com/errata/RHSA-2022:0851

Comment 28 errata-xmlrpc 2022-03-17 16:28:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958

Comment 30 Wade Mealing 2022-03-28 05:20:54 UTC
Sadly, I couldn't make trackers for a product when the tool would not make trackers at the time. I am kinda confused how it made the other current stream and not 8.7 GA.

Comment 37 errata-xmlrpc 2022-04-05 08:47:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1185 https://access.redhat.com/errata/RHSA-2022:1185

Comment 38 errata-xmlrpc 2022-04-05 17:16:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1198 https://access.redhat.com/errata/RHSA-2022:1198

Comment 39 errata-xmlrpc 2022-04-05 17:16:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1199 https://access.redhat.com/errata/RHSA-2022:1199

Comment 40 errata-xmlrpc 2022-04-07 09:02:53 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263

Comment 42 errata-xmlrpc 2022-04-12 15:37:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:1324 https://access.redhat.com/errata/RHSA-2022:1324

Comment 43 errata-xmlrpc 2022-04-13 19:58:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2022:1373 https://access.redhat.com/errata/RHSA-2022:1373

Comment 44 errata-xmlrpc 2022-04-26 16:45:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1535 https://access.redhat.com/errata/RHSA-2022:1535

Comment 45 errata-xmlrpc 2022-04-26 17:10:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1555 https://access.redhat.com/errata/RHSA-2022:1555

Comment 46 errata-xmlrpc 2022-04-26 21:49:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1550 https://access.redhat.com/errata/RHSA-2022:1550

Comment 47 errata-xmlrpc 2022-05-11 13:21:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2022:2189 https://access.redhat.com/errata/RHSA-2022:2189

Comment 48 errata-xmlrpc 2022-05-11 13:23:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2022:2188 https://access.redhat.com/errata/RHSA-2022:2188

Comment 49 errata-xmlrpc 2022-05-11 15:24:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:2186 https://access.redhat.com/errata/RHSA-2022:2186

Comment 50 errata-xmlrpc 2022-05-11 18:52:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2022:2211 https://access.redhat.com/errata/RHSA-2022:2211

Comment 52 errata-xmlrpc 2022-06-03 13:48:26 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896

Comment 53 Product Security DevOps Team 2022-06-03 16:42:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4028

