Bug 2030806 (CVE-2021-44717) - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
Summary: CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-44717
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2030809 2031256 2032330 2032331 2032349 2032350 2032351 2032352 2032353 2032354 2032355 2032361 2032367 2032368 2032369 2032370 2032376 2032377 2032380 2032382 2032383 2032384 2032385 2032393 2032394 2032395 2032396 2032397 2032398 2035255 2035256 2013628 2030808 2030810 2030851 2031257 2031258 2031614 2031615 2031616 2031617 2031618 2031619 2031620 2031621 2031622 2031623 2031624 2031625 2031626 2031627 2031628 2031629 2031923 2032332 2032333 2032334 2032335 2032337 2032338 2032339 2032340 2032341 2032342 2032343 2032346 2032347 2032348 2032356 2032357 2032358 2032359 2032360 2032362 2032363 2032372 2032373 2032374 2032375 2032379 2032381 2032386 2032387 2032388 2032389 2032390 2032391 2032392 2032442 2032443 2032444 2032445 2032446 2032954 2033305 2033306 2033831 2033832 2033833 2033834 2033835 2033836 2035253 2043455 2043456 2043457 2043458 2043459 2043460 2043461 2043465 2043466 2043467 2043470
Blocks: 2030812
Reported: 2021-12-09 18:41 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-05-17 09:56 UTC

Fixed In Version: Go 1.17.5, Go 1.16.12
Doc Text:
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
Last Closed: 2022-05-11 19:45:27 UTC



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:5172 0 None None None 2021-12-15 19:39:39 UTC
Red Hat Product Errata RHBA-2021:5196 0 None None None 2021-12-16 18:38:37 UTC
Red Hat Product Errata RHSA-2021:5160 0 None None None 2021-12-15 16:28:20 UTC
Red Hat Product Errata RHSA-2021:5176 0 None None None 2021-12-16 10:52:11 UTC
Red Hat Product Errata RHSA-2022:0055 0 None None None 2022-03-10 13:16:24 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:02:16 UTC
Red Hat Product Errata RHSA-2022:0927 0 None None None 2022-03-21 12:05:52 UTC
Red Hat Product Errata RHSA-2022:0947 0 None None None 2022-03-16 15:50:47 UTC
Red Hat Product Errata RHSA-2022:1051 0 None None None 2022-03-24 15:02:44 UTC
Red Hat Product Errata RHSA-2022:1056 0 None None None 2022-03-24 15:19:57 UTC
Red Hat Product Errata RHSA-2022:1361 0 None None None 2022-04-13 15:31:42 UTC
Red Hat Product Errata RHSA-2022:1372 0 None None None 2022-04-13 18:49:35 UTC
Red Hat Product Errata RHSA-2022:1734 0 None None None 2022-05-05 13:49:58 UTC

Description Guilherme de Almeida Suckevicz 2021-12-09 18:41:07 UTC
When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec (including indirectly by using the os/exec package), syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or can be provoked) repeatedly, it can result in misdirected I/O such as writing network traffic intended for one connection to a different connection, or content intended for one file to a different one.

Reference:
https://github.com/golang/go/issues/50057
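
A triage aid for the "Fixed In Version" field above, added here as an example (not code from Red Hat or the Go project): it reads the toolchain version embedded in a compiled Go binary and compares it with Go 1.16.12 and Go 1.17.5. Treating release lines after 1.17 as fixed and lines before 1.16 as unfixed is an assumption, and a distribution backport that keeps an older version string is not recognised.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// fixedPatch holds, per Go 1.x release line, the first patch release with the
// fix, from this page's "Fixed In Version" field (Go 1.16.12, Go 1.17.5).
var fixedPatch = map[int]int{16: 12, 17: 5}

// leadingInt splits s into its leading decimal number and the remainder.
func leadingInt(s string) (n int, rest string, ok bool) {
	i := 0
	for i < len(s) && s[i] >= '0' && s[i] <= '9' {
		i++
	}
	n, err := strconv.Atoi(s[:i]) // n is 0 when s has no leading digits
	return n, s[i:], err == nil
}

// Classify maps a toolchain version string such as "go1.17.4" (the form used
// by runtime.Version and embedded build info) to "fixed", "unfixed" or "unknown".
func Classify(v string) string {
	minor, rest, ok := leadingInt(strings.TrimPrefix(v, "go1."))
	if !ok || !strings.HasPrefix(v, "go1.") {
		return "unknown" // development builds, unreadable or malformed input
	}
	// A missing or non-numeric patch ("go1.17", "go1.17rc1") counts as 0.
	patch, _, _ := leadingInt(strings.TrimPrefix(rest, "."))
	need, listed := fixedPatch[minor]
	if minor > 17 || (listed && patch >= need) {
		return "fixed" // assumption: release lines after 1.17 include the fix
	}
	return "unfixed" // also lines before 1.16: the page lists no fixed release
}

func main() { // usage: pass paths of compiled Go binaries as arguments
	for _, p := range os.Args[1:] {
		v := "unreadable"
		if info, err := buildinfo.ReadFile(p); err == nil {
			v = info.GoVersion
		}
		fmt.Println(p, v, Classify(v))
	}
}
```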

Comment 1 Guilherme de Almeida Suckevicz 2021-12-09 18:41:49 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2030808]
Affects: fedora-all [bug 2030810]
Affects: openstack-rdo [bug 2030809]

Comment 3 Summer Long 2021-12-10 00:34:16 UTC
Upstream commits: https://go-review.googlesource.com/c/go/+/370577/
Upstream commits: https://go-review.googlesource.com/c/go/+/370576/

Comment 13 errata-xmlrpc 2021-12-15 16:28:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5160 https://access.redhat.com/errata/RHSA-2021:5160

Comment 14 errata-xmlrpc 2021-12-16 10:52:06 UTC
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2021:5176 https://access.redhat.com/errata/RHSA-2021:5176

Comment 28 errata-xmlrpc 2022-03-10 13:16:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:0055 https://access.redhat.com/errata/RHSA-2022:0055

Comment 29 errata-xmlrpc 2022-03-10 16:02:11 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:0056 https://access.redhat.com/errata/RHSA-2022:0056

Comment 30 errata-xmlrpc 2022-03-16 15:50:41 UTC
This issue has been addressed in the following products:

  RHEL-8-CNV-4.10

Via RHSA-2022:0947 https://access.redhat.com/errata/RHSA-2022:0947

Comment 31 errata-xmlrpc 2022-03-21 12:05:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:0927 https://access.redhat.com/errata/RHSA-2022:0927

Comment 32 errata-xmlrpc 2022-03-24 15:02:38 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1.21

Via RHSA-2022:1051 https://access.redhat.com/errata/RHSA-2022:1051

Comment 33 errata-xmlrpc 2022-03-24 15:19:52 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2022:1056 https://access.redhat.com/errata/RHSA-2022:1056

Comment 34 errata-xmlrpc 2022-04-13 15:31:35 UTC
This issue has been addressed in the following products:

  RHODF-4.10-RHEL-8

Via RHSA-2022:1361 https://access.redhat.com/errata/RHSA-2022:1361

Comment 35 errata-xmlrpc 2022-04-13 18:49:28 UTC
This issue has been addressed in the following products:

  RHODF-4.10-RHEL-8

Via RHSA-2022:1372 https://access.redhat.com/errata/RHSA-2022:1372

Comment 37 errata-xmlrpc 2022-05-05 13:49:53 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2022:1734 https://access.redhat.com/errata/RHSA-2022:1734

Comment 39 Product Security DevOps Team 2022-05-11 19:45:21 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-44717

