In the Linux kernel, the following vulnerability has been resolved: net:
dsa: microchip: Added the condition for scheduling ksz_mib_read_work When
the ksz module is installed and removed using rmmod, kernel crashes with
null pointer dereferrence error. During rmmod, ksz_switch_remove function
tries to cancel the mib_read_workqueue using cancel_delayed_work_sync
routine and unregister switch from dsa. During dsa_unregister_switch it
calls ksz_mac_link_down, which in turn reschedules the workqueue since
mib_interval is non-zero. Due to which queue executed after mib_interval
and it tries to access dp->slave. But the slave is unregistered in the
ksz_switch_remove function. Hence kernel crashes. To avoid this crash,
before canceling the workqueue, resetted the mib_interval to 0. v1 -> v2:
-Removed the if condition in ksz_mib_read_work
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/ef1100ef20f29aec4e62abeccdb5bdbebba1e378 (5.15-rc6)
git.kernel.org/stable/c/383239a33cf29ebee9ce0d4e0e5c900b77a16148
git.kernel.org/stable/c/ef1100ef20f29aec4e62abeccdb5bdbebba1e378
git.kernel.org/stable/c/f2e1de075018cf71bcd7d628e9f759cb8540b0c3
launchpad.net/bugs/cve/CVE-2021-47439
nvd.nist.gov/vuln/detail/CVE-2021-47439
security-tracker.debian.org/tracker/CVE-2021-47439
www.cve.org/CVERecord?id=CVE-2021-47439