CVE-2021-47285

May 21, 2024, 4:54 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net/nfc/rawsock.c: fix a permission check bug The function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable().

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/1e5cab50208c8fb7351b798cb1d569debfeb994a
https://git.kernel.org/stable/c/38cb2e23188af29c43966acee9dbb18b62e26cfe
https://git.kernel.org/stable/c/8ab78863e9eff11910e1ac8bcf478060c29b379e
https://git.kernel.org/stable/c/90d0a3c76965d7a10fc87c07be3e9714e2130d5c
https://git.kernel.org/stable/c/c08e0be44759d0b5affc5888be4aa5e536873335
https://git.kernel.org/stable/c/d6a21a3fb03300fbaa9fc3ed99f8b0962ce28362
https://git.kernel.org/stable/c/ec72482564ff99c6832d33610d9f8ab7ecc81b6d
https://git.kernel.org/stable/c/f3ed12af6bbbaf79eddb0ae14656b8ecacea74f0

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-21
CVE-2021-47285

Timeline

Published: May 21, 2024, 3:15 p.m.
Last Modified: May 21, 2024, 4:54 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.