In the Linux kernel, the following vulnerability has been resolved:
net: batman-adv: fix error handling
Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was
in wrong error handling in batadv_mesh_init().
Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case
of any batadv_*_init() calls failure. This approach may work well, when
there is some kind of indicator, which can tell which parts of batadv are
initialized; but there isn't any.
All written above lead to cleaning up uninitialized fields. Even if we hide
ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit
GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1]
To fix these bugs we can unwind batadv_*_init() calls one by one.
It is good approach for 2 reasons: 1) It fixes bugs on error handling
path 2) It improves the performance, since we won't call unneeded
batadv_*_free() functions.
So, this patch makes all batadv_*_init() clean up all allocated memory
before returning with an error to no call correspoing batadv_*_free()
and open-codes batadv_mesh_free() with proper order to avoid touching
uninitialized fields.
Metrics
Affected Vendors & Products
References
History
Mon, 04 Nov 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux kernel |
|
CPEs | cpe:2.3:a:linux:kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux kernel |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-22T08:19:34.174Z
Updated: 2024-12-19T07:43:15.740Z
Reserved: 2024-05-22T06:20:56.200Z
Link: CVE-2021-47482
Vulnrichment
Updated: 2024-08-04T05:39:59.554Z
NVD
Status : Awaiting Analysis
Published: 2024-05-22T09:15:10.150
Modified: 2024-11-21T06:36:17.430
Link: CVE-2021-47482
Redhat