Date: Wed, 31 Jan 2024 08:25:42 -0300
From: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Armin Kuster <akuster@...sta.com>
Subject: Re: FWD: Kernel vulnerabilities CVE-2021-33630 &
 CVE-2021-33631

On Tue, Jan 30, 2024 at 03:25:24PM +0100, Solar Designer wrote:
> Hi,
[...]
> > https://nvd.nist.gov/vuln/detail/CVE-2021-33630
> 
> This says:
> 
> "NULL Pointer Dereference vulnerability in openEuler kernel on Linux
> (network modules) allows Pointer Manipulation. This vulnerability is
> associated with program files net/sched/sch_cbs.C. This issue affects
> openEuler kernel: from 4.19.90 before 4.19.90-2401.3."
> 
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c
> 
> This mainline commit is from 2019, "net/sched: cbs: Fix not adding cbs
> instance to list".
> 
[...]
> The above links don't say anything about attack vectors and required
> access - I guess CAP_NET_ADMIN [...]
[...]
 
> Alexander

I always find it lacking when CAP_NET_ADMIN is mentioned but without specifying
if it is the capability in the initial user namespace or any user namespace.

That is relevant for Ubuntu since it allows unprivileged creation of user
namespaces by default, making it a PR:L instead of a PR:H attack, using CVSS
parlance.

I suppose it is relevant for other distros and systems as well, so worth noting
that this is important information.

Cascardo.
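
As an added example (not part of the original message): a shell check of whether unprivileged users on a host can create user namespaces, the condition the reply says turns a CAP_NET_ADMIN requirement from PR:H into PR:L. It assumes the upstream `user.max_user_namespaces` sysctl plus the Debian/Ubuntu-specific `kernel.unprivileged_userns_clone` and Ubuntu's `kernel.apparmor_restrict_unprivileged_userns`; the function names and the `PR:L-restricted` and `unknown` labels are this example's own.

```shell
#!/bin/sh
# Added example: classify how reachable a namespace-scoped CAP_NET_ADMIN is
# for an unprivileged local user, based on sysctl values.
# Usage: userns_exposure [sysctl-root]    (sysctl-root defaults to /proc/sys)

read_sysctl() {
    # Print the value stored in a sysctl file, or nothing if it is absent.
    [ -r "$1" ] && tr -d ' \t\n' < "$1"
    return 0
}

userns_exposure() {
    root=${1:-/proc/sys}
    # Upstream limit on user namespaces; 0 disables creating them at all.
    max=$(read_sysctl "$root/user/max_user_namespaces")
    # Debian/Ubuntu kernel patch: 0 means only privileged users may create one.
    clone=$(read_sysctl "$root/kernel/unprivileged_userns_clone")
    # Ubuntu AppArmor switch: 1 means creation is mediated by AppArmor policy.
    aa=$(read_sysctl "$root/kernel/apparmor_restrict_unprivileged_userns")

    if [ -z "$max" ]; then
        # No user-namespace sysctl found (no support, or tree not readable).
        echo "unknown"
    elif [ "$max" = "0" ] || [ "$clone" = "0" ]; then
        # CAP_NET_ADMIN is only obtainable by an already privileged user.
        echo "PR:H"
    elif [ "$aa" = "1" ]; then
        # Unprivileged creation depends on the caller's AppArmor profile.
        echo "PR:L-restricted"
    else
        # Any local user can create a user namespace and hold CAP_NET_ADMIN
        # inside it.
        echo "PR:L"
    fi
}

# Report for the running system (or for the sysctl tree given as argument).
userns_exposure "${1:-/proc/sys}"
```

The result only matters for kernel code paths that check the capability against a non-initial user namespace; paths that require it in the initial namespace stay PR:H regardless.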
