Summary:
In the Linux kernel, the following vulnerability has been resolved:
phonet/pep: refuse to enable an unbound pipe
This ioctl() implicitly assumed that the socket was already bound to
a valid local socket name, i.e. Phonet object. If the socket was not
bound, two separate problems would occur:
1) We'd send a pipe enablement request with an invalid source object.
2) Later socket calls could BUG on the socket unexpectedly being
connected yet not bound to a valid object.
Severity: Low
Advisory ID: KylinSec-SA-2024-4638
Release date: March 29, 2024
Related CVE: CVE-2021-47086
CVE name | Product | Component | Affected |
---|---|---|---|
CVE-2021-47086 | KY3.5.1 | kernel | Unaffected |