{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/nfc/rawsock.c: fix a permission check bug\n\nThe function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable()." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/nfc/rawsock.c" ], "versions": [ { "version": "1da177e4c3f4", "lessThan": "c08e0be44759", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "d6a21a3fb033", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "38cb2e23188a", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "ec72482564ff", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "f3ed12af6bbb", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "1e5cab50208c", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "90d0a3c76965", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "8ab78863e9ef", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/nfc/rawsock.c" ], "versions": [ { "version": "4.4.273", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.9.273", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.14.237", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom" }, { "version": "4.19.195", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.4.126", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.44", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.12.11", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/c08e0be44759d0b5affc5888be4aa5e536873335" }, { "url": "https://git.kernel.org/stable/c/d6a21a3fb03300fbaa9fc3ed99f8b0962ce28362" }, { "url": "https://git.kernel.org/stable/c/38cb2e23188af29c43966acee9dbb18b62e26cfe" }, { "url": "https://git.kernel.org/stable/c/ec72482564ff99c6832d33610d9f8ab7ecc81b6d" }, { "url": "https://git.kernel.org/stable/c/f3ed12af6bbbaf79eddb0ae14656b8ecacea74f0" }, { "url": "https://git.kernel.org/stable/c/1e5cab50208c8fb7351b798cb1d569debfeb994a" }, { "url": "https://git.kernel.org/stable/c/90d0a3c76965d7a10fc87c07be3e9714e2130d5c" }, { "url": "https://git.kernel.org/stable/c/8ab78863e9eff11910e1ac8bcf478060c29b379e" } ], "title": "net/nfc/rawsock.c: fix a permission check bug", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2021-47285", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }