From bippy-c9c4e1df01b2 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2021-47186: tipc: check for null after calling kmemdup Description =========== In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1]. [1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58 The Linux kernel CVE team has assigned CVE-2021-47186 to this issue. Affected and fixed versions =========================== Issue introduced in 5.5 with commit fc1b6d6de220 and fixed in 5.10.82 with commit a7d91625863d Issue introduced in 5.5 with commit fc1b6d6de220 and fixed in 5.15.5 with commit 9404c4145542 Issue introduced in 5.5 with commit fc1b6d6de220 and fixed in 5.16 with commit 3e6db079751a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47186 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/tipc/crypto.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9 https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10 https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916