oss-sec mailing list archives
Linux kernel: CVE-2022-1516: NULL pointer dereference in Linux kernel`s X.25 network protocol
From: duoming () zju edu cn
Date: Sun, 19 Jun 2022 22:48:04 +0800 (GMT+08:00)
Hello there, A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. =*=*=*=*=*=*=*=*= Bug Details =*=*=*=*=*=*=*=*= When the link layer is terminating, x25->neighbour will be set to NULL in x25_disconnect(). As a result, it could cause null-ptr-deref bugs in x25_sendmsg(),x25_recvmsg() and x25_connect(). One of the bugs is shown below. (Thread 1) | (Thread 2) x25_link_terminated() | x25_recvmsg() x25_kill_by_neigh() | ... x25_disconnect() | lock_sock(sk) ... | ... x25->neighbour = NULL //(1) | ... | x25->neighbour->extended //(2) The code sets NULL to x25->neighbour in position (1) and dereferences x25->neighbour in position (2), which could cause null-ptr-deref bug. =*=*=*=*=*=*=*=*= Bug Effects =*=*=*=*=*=*=*=*= This flaw allows a local user to crash the system. =*=*=*=*=*=*=*=*= Bug Fix =*=*=*=*=*=*=*=*= The patch that have been applied to mainline Linux kernel is shown below. https://github.com/torvalds/linux/commit/7781607938c8371d4c2b243527430241c62e39c2 =*=*=*=*=*=*=*=*= Timeline =*=*=*=*=*=*=*=*= 2022-03-26: commit 7781607938c8 accepted to mainline kernel 2022-03-26: CVE-2022-1516 is assigned =*=*=*=*=*=*=*=*= Credit =*=*=*=*=*=*=*=*= Duoming Zhou <duoming () zju edu cn> Best Regards, Duoming Zhou
Current thread:
- Linux kernel: CVE-2022-1516: NULL pointer dereference in Linux kernel`s X.25 network protocol duoming (Jun 19)