CVE-2021-47068
Published: Feb 29, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) ); addr.sa_family = AF_NFC; addr.nfc_protocol = NFC_PROTO_NFC_DEP; bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) close(sock1); close(sock2); Fix this by assigning NULL to llcp_sock->local after calling nfc_llcp_local_put. This addresses CVE-2021-23134.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected a1cdd18c49d23ec38097ac2c5b0d761146fc0109 - < 26157c82ba756767b2bd66d28a71b1bc454447f6affected 18013007b596771bf5f5e7feee9586fb0386ad14 - < ccddad6dd28530e716448e594c9ca7c76ccd0570affected 538a6ff11516d38a61e237d2d2dc04c30c845fbe - < 18ae4a192a4496e48a5490b52812645d2413307caffected adbb1d218c5f56dbae052765da83c0f57fce2a31 - < 48fba458fe54cc2a980a05c13e6c19b8b2cfb610affected c89903c9eff219a4695e63715cf922748d743f65 - < e32352070bcac22be6ed8ab635debc280bb65b8c+11 more versions |
Linux | Linux | affected 5.12unaffected 0 - < 5.12unaffected 4.4.269 - <= 4.4.*unaffected 4.9.269 - <= 4.9.*unaffected 4.14.233 - <= 4.14.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now