CVE - CVE-2021-47496

CVE-ID
CVE-2021-47496	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, [kworker] tls_encrypt_done(..., err=<negative error from crypto request>) tls_err_abort(.., err) sk->sk_err = err; [task] splice_from_pipe_feed ... tls_sw_do_sendpage if (sk->sk_err) { ret = -sk->sk_err; // ret is positive splice_from_pipe_feed (continued) ret = actor(...) // ret is still positive and interpreted as bytes // written, resulting in underflow of buf->len and // sd->len, leading to huge buf->offset and bogus // addresses computed in later calls to actor() Fix all tls_err_abort() callers to pass a negative error code consistently and centralize the error-prone sign flip there, throwing in a warning to catch future misuse and uninlining the function so it really does only warn once.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/da353fac65fede6b8b4cfe207f0d9408e3121105 URL:https://git.kernel.org/stable/c/da353fac65fede6b8b4cfe207f0d9408e3121105 MISC:https://git.kernel.org/stable/c/e0cfd5159f314d6b304d030363650b06a2299cbb URL:https://git.kernel.org/stable/c/e0cfd5159f314d6b304d030363650b06a2299cbb MISC:https://git.kernel.org/stable/c/e41473543f75f7dbc5d605007e6f883f1bd13b9a URL:https://git.kernel.org/stable/c/e41473543f75f7dbc5d605007e6f883f1bd13b9a MISC:https://git.kernel.org/stable/c/f3dec7e7ace38224f82cf83f0049159d067c2e19 URL:https://git.kernel.org/stable/c/f3dec7e7ace38224f82cf83f0049159d067c2e19
Assigning CNA
kernel.org
Date Record Created
20240522	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240522)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)