A vulnerability in the Sun Remote Procedure Call (SUNRPC) subsystem of the Linux kernel has been resolved. This post gives an overview of CVE-2021-47002: the nature of the vulnerability, the code snippet containing the fix, the original references, and exploit details.

Vulnerability Details

In the Linux kernel, there was a null pointer dereference issue in the 'svc_rqst_free()' function. The problem occurred when the 'alloc_pages_node()' function returned null in 'svc_rqst_alloc()'. As a result, the null 'rq_scratch_page' pointer was dereferenced when calling the 'put_page()' function in 'svc_rqst_free()'. To fix the issue, a null check was added to prevent the dereference of a null pointer.

Here is the code snippet demonstrating the fix:

static void svc_rqst_free(struct svc_rqst *rqstp)
{
    if (rqstp->rq_respages) {
        int i;
        for (i = 0; i < ARRAY_SIZE(rqstp->rq_scratch);
                     i++) {
            /* Null check: never hand a NULL page to put_page(). */
            if (rqstp->rq_scratch[i] == NULL)
                break;
            put_page(rqstp->rq_scratch[i]);
        }
        kfree(rqstp->rq_respages);
    }
    kfree(rqstp);
}

As you can see, the fix adds a null check inside the for loop, so put_page() is never called on a null scratch page pointer.
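The failure path described above, as an added user-space model (not kernel code and not part of the original post). The names alloc_page_model(), put_page_model(), null_puts_after_alloc(), the with_check flag and the fault-injection switch are assumptions made for illustration, and the model assumes a failed page allocation is cleaned up through the free routine, as the description implies.

```c
#include <stdio.h>
#include <stdlib.h>

struct page { int refcount; };
struct svc_rqst { struct page *rq_scratch_page; };
static int fail_page_alloc;  /* constructed fault-injection switch */
static int null_puts;        /* times put_page_model() was handed NULL */

/* Stand-in for alloc_pages_node(): NULL when a failure is injected. */
static struct page *alloc_page_model(void)
{
    struct page *p = fail_page_alloc ? NULL : calloc(1, sizeof(*p));
    if (p)
        p->refcount = 1;
    return p;
}

/* Stand-in for put_page(): records a NULL argument instead of faulting. */
static void put_page_model(struct page *p)
{
    if (!p) { null_puts++; return; }
    if (--p->refcount == 0)
        free(p);
}

/* Free path: with_check = 1 models the fixed code, 0 the code before it. */
static void svc_rqst_free_model(struct svc_rqst *rqstp, int with_check)
{
    if (!with_check || rqstp->rq_scratch_page)
        put_page_model(rqstp->rq_scratch_page);
    free(rqstp);
}

/* Build a request, tear it down, return how many NULLs reached put_page. */
static int null_puts_after_alloc(int with_check, int inject_failure)
{
    struct svc_rqst *rqstp = calloc(1, sizeof(*rqstp));
    if (!rqstp) return -1;
    null_puts = 0;
    fail_page_alloc = inject_failure;
    rqstp->rq_scratch_page = alloc_page_model();
    svc_rqst_free_model(rqstp, with_check);
    return null_puts;
}

int main(void)
{
    printf("before fix: %d\n", null_puts_after_alloc(0, 1));
    printf("after fix:  %d\n", null_puts_after_alloc(1, 1));
    return 0;
}
```

In the kernel the NULL argument would fault inside put_page(); the model counts it instead so both variants can be compared in one run.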

The information about this vulnerability and its fix can be found in the following resources:

1. Git.kernel.org: You can find the commit that fixed the issue in the Linux kernel repository at this link.

2. Coverity: Coverity addresses this issue as a "Dereference after null check" vulnerability. More details can be found through their platform, which requires a login.

Exploit Details

While there are currently no known exploits targeting this vulnerability specifically, an attacker who could exploit this null pointer dereference issue may have been able to cause a system crash (denial of service) or potentially escalate privileges.

The resolution of CVE-2021-47002 in the Linux kernel has further enhanced the overall security of the operating system. As a user of the Linux kernel, it is essential to keep your system up-to-date with the latest patches and fixes to ensure the safety and stability of your environment.

Timeline

Published on: 02/28/2024 09:15:38 UTC
Last modified on: 07/05/2024 08:15:01 UTC