Fixed
Created: May 24, 2024
Updated: Jun 15, 2024
Resolved Date: May 31, 2024
Found In Version: 10.22.33.1
Fix Version: 10.22.33.17
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:ethtool: do not perform operations on net devices being unregisteredThere is a short period between a net device starts to be unregisteredand when it is actually gone. In that time frame ethtool operationscould still be performed, which might end up in unwanted or undefinedbehaviours1].Do not allow ethtool operations after a net device starts itsunregistration. This patch targets the netlink part as the ioctl oneisn't affected: the reference to the net device is taken and theoperation is executed within an rtnl lock section and the net devicewon't be found after unregister.[1] For example adding Tx queues after unregister ends up in NULL pointer exceptions and UaFs, such as: BUG: KASAN: use-after-free in kobject_get+0x14/0x90 Read of size 1 at addr ffff88801961248c by task ethtool/755 CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014 Call Trace: dump_stack_lvl+0x57/0x72 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x7f/0x11b kobject_get+0x14/0x90 kobject_add_internal+0x3d1/0x450 kobject_init_and_add+0xba/0xf0 netdev_queue_update_kobjects+0xcf/0x200 netif_set_real_num_tx_queues+0xb4/0x310 veth_set_channels+0x1c3/0x550 ethnl_set_channels+0x524/0x610
CREATE(Triage):(User=admin) [CVE-2021-47517 (https://nvd.nist.gov/vuln/detail/CVE-2021-47517)
