The Linux kernel is the core of the Linux operating system, and vulnerabilities in the kernel such as CVE-2021-46929 can have significant implications for affected systems. Recently, a vulnerability in the kernel's Stream Control Transmission Protocol (SCTP) implementation has been resolved, addressing a use-after-free issue in sctp_sock_dump().

To better understand the context, refer to the original patch submission on the Linux kernel mailing list and the patch applied in the Linux kernel git repository.

In the Linux kernel, an issue was found in the SCTP code when peeling off associations, which could result in a use-after-free vulnerability. This was due to the misuse of kfree() when freeing endpoints in the SCTP code.

To address this issue, the patch modifies the SCTP code to use call_rcu() instead of kfree() to free endpoints. This ensures that the endpoint remains valid throughout the process of locking and unlocking the socket (sk).
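The deferral described above can be seen in a single-threaded userspace model. This is an added illustration, not code from the patch or the kernel; every `*_model` name is hypothetical, and real RCU waits for a grace period covering pre-existing readers rather than counting them.

```c
#include <stddef.h>
#include <stdlib.h>

struct rcu_head_model {            /* all *_model names are hypothetical */
    struct rcu_head_model *next;
    void (*func)(struct rcu_head_model *);
};
struct endpoint_model { int id; struct rcu_head_model rcu; }; /* models sctp_endpoint */
static int readers, freed_count;   /* open read sections, objects freed */
static struct rcu_head_model *pending;
static void run_pending_model(void)
{
    while (pending) {
        struct rcu_head_model *h = pending;
        pending = h->next;         /* unlink before the callback frees h */
        h->func(h);
    }
}
static void read_lock_model(void)   { readers++; }
static void read_unlock_model(void) { if (--readers == 0) run_pending_model(); }
/* Defer func until no reader that may still hold the object remains. */
static void call_rcu_model(struct rcu_head_model *h,
                           void (*func)(struct rcu_head_model *))
{
    h->func = func;
    h->next = pending;
    pending = h;
    if (readers == 0) run_pending_model();
}
static void endpoint_free_model(struct rcu_head_model *h)
{
    free((char *)h - offsetof(struct endpoint_model, rcu)); /* container_of */
    freed_count++;
}

/* A dumper holds ep while destroy runs; returns the id it read, or -1. */
int dump_during_destroy(void)
{
    struct endpoint_model *ep = calloc(1, sizeof(*ep));
    if (!ep) return -1;
    ep->id = 42;
    freed_count = 0;
    read_lock_model();                             /* dumper found ep */
    call_rcu_model(&ep->rcu, endpoint_free_model); /* destroy races in */
    int freed_early = freed_count;                 /* 0: free was deferred */
    int id = ep->id;                               /* ep still allocated */
    read_unlock_model();                           /* callback frees ep */
    return (freed_early == 0 && freed_count == 1) ? id : -1;
}
```

With an immediate `free()` in place of `call_rcu_model()`, the read of `ep->id` would touch freed memory, which is the pattern the patch removes.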

Here's a code snippet from the patch, showcasing the changes made:

+void sctp_endpoint_destroy_rcu(struct rcu_head *rcu)
+{
+	struct sctp_association *asoc;
+	struct sctp_endpoint *ep = container_of(rcu, struct sctp_endpoint,
+						rcu);
+
+	sctp_unhash_endpoint(ep);
+	sock_put(ep->base.sk);
+	list_for_each_entry(asoc, &ep->_asocs, asocs) {
+		sock_put(asoc->base.sk);
+	}
+	kfree(ep++);
+}
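
Review bot: `kfree(ep++)` at the end of sctp_endpoint_destroy_rcu() post-increments a local pointer that is never used again; the increment has no effect on what is freed and reads like a typo, so write `kfree(ep);`. The `list_for_each_entry()` loop also calls `sock_put(asoc->base.sk)` once per association with no matching hold visible in this snippet; either add a comment naming the reference it balances or drop the loop, since an unmatched put would unbalance the socket refcount.
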
...
 void sctp_endpoint_destroy(struct sctp_endpoint *ep)
 {
...
-	kfree(ep);
+	call_rcu(&ep->rcu, sctp_endpoint_destroy_rcu);
 }
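
Review bot: `call_rcu(&ep->rcu, ...)` in sctp_endpoint_destroy() depends on an `rcu` member of struct sctp_endpoint that none of the visible lines add, so the struct change needs to be part of the patch. Also check the elided body above the removed `kfree(ep)`: if it still unhashes the endpoint or drops the `ep->base.sk` reference, the callback's `sctp_unhash_endpoint(ep)` and `sock_put(ep->base.sk)` would repeat that work.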

With these changes, the endpoint is freed through call_rcu() rather than immediately, which closes the use-after-free window described above. Users should apply security patches as they become available to keep systems up to date and secure.

In conclusion, CVE-2021-46929 is a Linux kernel vulnerability related to the SCTP protocol, which has now been resolved by a recent patch. It is vital to ensure that your system uses an up-to-date version of the Linux kernel and that security patches are applied in a timely manner. This will help protect against potential exploitation of vulnerabilities like this, ensuring the security and stability of your system.

Timeline

Published on: 02/27/2024 10:15:07 UTC
Last modified on: 04/10/2024 17:05:51 UTC