1193663 – (CVE-2021-4090) VUL-0: CVE-2021-4090: kernel-source-azure,kernel-source,kernel-source-rt: kernel: Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function

Bug 1193663 (CVE-2021-4090) - VUL-0: CVE-2021-4090: kernel-source-azure,kernel-source,kernel-source-rt: kernel: Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function

Summary: VUL-0: CVE-2021-4090: kernel-source-azure,kernel-source,kernel-source-rt: ker...

Status:	RESOLVED FIXED

Alias:	CVE-2021-4090

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/317066/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-12-13 10:41 UTC by Carlos López
Modified:	2024-06-25 16:29 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos López 2021-12-13 10:41:32 UTC

rh#2025101

NFS client can crash server due to overrun in nfsd4_decode_bitmap4().

Upstream discussion:
https://lore.kernel.org/linux-nfs/97860.1636837122@crash.local/
https://lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit@klimt.1015granger.net/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2025101
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4090

Comment 1 Carlos López 2021-12-13 10:42:31 UTC

SLE15-SP4 is affected. Stable and master are already fixed.

Bug introduced in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1c263a031e876ac3ca5223c728e4d98ed50b3c0

Fixed in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0019b7db1d7ac62c711cda6b357a659d46428fe

Comment 3 Neil Brown 2021-12-19 21:18:42 UTC

I've reviewed the patch and applied it to SLE15-SP4

Comment 9 Petr Mladek 2022-05-03 12:56:36 UTC

This bug seems to approach a good date for CVE SLA fulfillment [1].
What is its status, please?
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel

Comment 10 Takashi Iwai 2022-05-23 15:18:07 UTC

The fix is already found in SLE15-SP4 branch and GMC kernel, so let's reassign back to security team.

Comment 16 Carlos López 2023-04-13 14:51:14 UTC

Done, closing.