Lucene search

K
redhatcveRedhat.comRH:CVE-2021-47482
HistoryMay 23, 2024 - 11:07 a.m.

CVE-2021-47482

2024-05-2311:07:11
redhat.com
access.redhat.com
3
linux kernel
vulnerability
cve-2021-47482
net
batman-adv
error handling
batadv_nc_mesh_free
batadv_mesh_init
syzbot
odebug warning
uninitialized fields
performance
memory
mitigation

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.0%

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn’t any. All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1] To fix these bugs we can unwind batadvinit() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won’t call unneeded batadvfree() functions. So, this patch makes all batadvinit() clean up all allocated memory before returning with an error to no call correspoing batadv*_free() and open-codes batadv_mesh_free() with proper order to avoid touching uninitialized fields.

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.0%