SB2024062078 - Improper locking in Linux kernel net driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2021-47574)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xennet_open(), xennet_tx_buf_gc(), xennet_close(), xennet_get_extras(), xennet_fill_frags(), __skb_queue_tail(), xennet_set_features(), setup_netfront_single(), setup_netfront_split() and xennet_init_queue() functions in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/81900aa7d7a130dec4c55b68875e30fb8c9effec
• https://git.kernel.org/stable/c/99120c8230fdd5e8b72a6e4162db9e1c0a61954a
• https://git.kernel.org/stable/c/4bf81386e3d6e5083c93d51eff70260bcec091bb
• https://git.kernel.org/stable/c/3559ca594f15fcd23ed10c0056d40d71e5dab8e5
• https://git.kernel.org/stable/c/3e68d099f09c260a7dee28b99af02fe6977a9e66
• https://git.kernel.org/stable/c/d31b3379179d64724d3bbfa87bd4ada94e3237de
• https://git.kernel.org/stable/c/a29c8b5226eda52e6d6ff151d9343558ea3ad451
• https://git.kernel.org/stable/c/b27d47950e481f292c0a5ad57357edb9d95d03ba
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.296
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168