CVE-2021-47086 phonet/pep: refuse to enable an unbound pipe

2024-03-0418:06:12

Linux

github.com

linux kernel

vulnerability

phonet/pep

refusal

unbound pipe

ioctl

socket

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

phonet/pep: refuse to enable an unbound pipe

This ioctl() implicitly assumed that the socket was already bound to
a valid local socket name, i.e. Phonet object. If the socket was not
bound, two separate problems would occur:

We’d send an pipe enablement request with an invalid source object.
Later socket calls could BUG on the socket unexpectedly being
connected yet not bound to a valid object.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/phonet/pep.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "0bbdd62ce9d4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "b10c7d745615",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "311601f11485",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "982b6ba1ce62",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "48c76fc53582",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "52ad5da8e316",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "53ccdc73eeda",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "75a2f3152009",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/phonet/pep.c"
    ],
    "versions": [
      {
        "version": "4.4.297",
        "lessThanOrEqual": "4.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.295",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.260",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.223",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.169",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.89",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.12",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]