CVE-2021-47556

{"id": "CVE-2021-47556", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-24T15:15:20.320", "references": [{"url": "https://git.kernel.org/stable/c/0276af2176c78771da7f311621a25d7608045827", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/abfdd9e2f0f9699015d72317f74154d3e53664e6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0276af2176c78771da7f311621a25d7608045827", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/abfdd9e2f0f9699015d72317f74154d3e53664e6", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()\n\nethtool_set_coalesce() now uses both the .get_coalesce() and\n.set_coalesce() callbacks. But the check for their availability is\nbuggy, so changing the coalesce settings on a device where the driver\nprovides only _one_ of the callbacks results in a NULL pointer\ndereference instead of an -EOPNOTSUPP.\n\nFix the condition so that the availability of both callbacks is\nensured. This also matches the netlink code.\n\nNote that reproducing this requires some effort - it only affects the\nlegacy ioctl path, and needs a specific combination of driver options:\n- have .get_coalesce() and .coalesce_supported but no\n .set_coalesce(), or\n- have .set_coalesce() but no .get_coalesce(). Here eg. ethtool doesn't\n cause the crash as it first attempts to call ethtool_get_coalesce()\n and bails out on error."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ethtool: ioctl: corrige un posible deref NULL en ethtool_set_coalesce() ethtool_set_coalesce() ahora usa las devoluciones de llamada .get_coalesce() y .set_coalesce(). Pero la verificaci\u00f3n de su disponibilidad tiene errores, por lo que cambiar la configuraci\u00f3n de fusi\u00f3n en un dispositivo donde el controlador proporciona solo _una_ de las devoluciones de llamada da como resultado una desreferencia del puntero NULL en lugar de un -EOPNOTSUPP. Corrija la condici\u00f3n para que se garantice la disponibilidad de ambas devoluciones de llamada. Esto tambi\u00e9n coincide con el c\u00f3digo netlink. Tenga en cuenta que reproducir esto requiere algo de esfuerzo: solo afecta la ruta ioctl heredada y necesita una combinaci\u00f3n espec\u00edfica de opciones de controlador: - tener .get_coalesce() y .coalesce_supported pero no .set_coalesce(), o - tener .set_coalesce() pero no .get_coalesce(). Aqu\u00ed por ej. ethtool no causa el bloqueo ya que primero intenta llamar a ethtool_get_coalesce() y sale por error."}], "lastModified": "2024-11-21T06:36:32.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "082C8F69-46F5-469A-A650-E0340F11BEF5", "versionEndExcluding": "5.15.6", "versionStartIncluding": "5.15"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}