cve/published/2021/CVE-2021-46991.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-46991: i40e: Fix use-after-free in i40e_client_subtask()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 i40e: Fix use-after-free in i40e_client_subtask()

 Currently the call to i40e_client_del_instance frees the object
 pf->cinst, however pf->cinst->lan_info is being accessed after
 the free. Fix this by adding the missing return.

 Addresses-Coverity: ("Read from pointer after free")

 The Linux kernel CVE team has assigned CVE-2021-46991 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 4.19.191 with commit c1322eaeb8af0d8985b5cc5fa759140fa0e57b84
 	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.4.120 with commit d718c15a2bf9ae082d5ae4d177fb19ef23cb4132
 	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.10.38 with commit 829a713450b8fb127cbabfc1244c1d8179ec5107
 	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.11.22 with commit 4ebc10aa7cd17fd9857dedac69600465c9dd16d1
 	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.12.5 with commit 1fd5d262e7442192ac7611ff1597a36c5b044323
 	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.13 with commit 38318f23a7ef86a8b1862e5e8078c4de121960c3

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-46991
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/ethernet/intel/i40e/i40e_client.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c1322eaeb8af0d8985b5cc5fa759140fa0e57b84
 	https://git.kernel.org/stable/c/d718c15a2bf9ae082d5ae4d177fb19ef23cb4132
 	https://git.kernel.org/stable/c/829a713450b8fb127cbabfc1244c1d8179ec5107
 	https://git.kernel.org/stable/c/4ebc10aa7cd17fd9857dedac69600465c9dd16d1
 	https://git.kernel.org/stable/c/1fd5d262e7442192ac7611ff1597a36c5b044323
 	https://git.kernel.org/stable/c/38318f23a7ef86a8b1862e5e8078c4de121960c3
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-46991: i40e: Fix use-after-free in i40e_client_subtask()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	i40e: Fix use-after-free in i40e_client_subtask()

	Currently the call to i40e_client_del_instance frees the object
	pf->cinst, however pf->cinst->lan_info is being accessed after
	the free. Fix this by adding the missing return.

	Addresses-Coverity: ("Read from pointer after free")

	The Linux kernel CVE team has assigned CVE-2021-46991 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 4.19.191 with commit c1322eaeb8af0d8985b5cc5fa759140fa0e57b84
	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.4.120 with commit d718c15a2bf9ae082d5ae4d177fb19ef23cb4132
	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.10.38 with commit 829a713450b8fb127cbabfc1244c1d8179ec5107
	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.11.22 with commit 4ebc10aa7cd17fd9857dedac69600465c9dd16d1
	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.12.5 with commit 1fd5d262e7442192ac7611ff1597a36c5b044323
	Issue introduced in 4.16 with commit 7b0b1a6d0ac983ce1928432285d0222d4fb7c38b and fixed in 5.13 with commit 38318f23a7ef86a8b1862e5e8078c4de121960c3

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-46991
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/ethernet/intel/i40e/i40e_client.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c1322eaeb8af0d8985b5cc5fa759140fa0e57b84
	https://git.kernel.org/stable/c/d718c15a2bf9ae082d5ae4d177fb19ef23cb4132
	https://git.kernel.org/stable/c/829a713450b8fb127cbabfc1244c1d8179ec5107
	https://git.kernel.org/stable/c/4ebc10aa7cd17fd9857dedac69600465c9dd16d1
	https://git.kernel.org/stable/c/1fd5d262e7442192ac7611ff1597a36c5b044323
	https://git.kernel.org/stable/c/38318f23a7ef86a8b1862e5e8078c4de121960c3