{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T02:55:44.979","vulnerabilities":[{"cve":{"id":"CVE-2021-47517","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-24T15:15:13.347","lastModified":"2025-03-01T02:40:24.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: do not perform operations on net devices being unregistered\n\nThere is a short period between a net device starts to be unregistered\nand when it is actually gone. In that time frame ethtool operations\ncould still be performed, which might end up in unwanted or undefined\nbehaviours[1].\n\nDo not allow ethtool operations after a net device starts its\nunregistration. This patch targets the netlink part as the ioctl one\nisn't affected: the reference to the net device is taken and the\noperation is executed within an rtnl lock section and the net device\nwon't be found after unregister.\n\n[1] For example adding Tx queues after unregister ends up in NULL\n    pointer exceptions and UaFs, such as:\n\n      BUG: KASAN: use-after-free in kobject_get+0x14/0x90\n      Read of size 1 at addr ffff88801961248c by task ethtool/755\n\n      CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778\n      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014\n      Call Trace:\n       dump_stack_lvl+0x57/0x72\n       print_address_description.constprop.0+0x1f/0x140\n       kasan_report.cold+0x7f/0x11b\n       kobject_get+0x14/0x90\n       kobject_add_internal+0x3d1/0x450\n       kobject_init_and_add+0xba/0xf0\n       netdev_queue_update_kobjects+0xcf/0x200\n       netif_set_real_num_tx_queues+0xb4/0x310\n       veth_set_channels+0x1c3/0x550\n       ethnl_set_channels+0x524/0x610"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethtool: no realiza operaciones en dispositivos de red que se están dando de baja. Hay un breve período entre que un dispositivo de red comienza a darse de baja y cuando realmente desaparece. En ese período aún se podrían realizar operaciones de ethtool, lo que podría terminar en comportamientos no deseados o indefinidos[1]. No permita operaciones de ethtool después de que un dispositivo de red inicie su cancelación del registro. Este parche apunta a la parte netlink ya que la parte ioctl no se ve afectada: se toma la referencia al dispositivo de red y la operación se ejecuta dentro de una sección de bloqueo rtnl y el dispositivo de red no se encontrará después de cancelar el registro. [1] Por ejemplo, agregar colas de Tx después de cancelar el registro termina en excepciones de puntero NULL y UaF, como: ERROR: KASAN: use-after-free en kobject_get+0x14/0x90 Lectura de tamaño 1 en la dirección ffff88801961248c mediante la tarea ethtool/755 CPU : 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778 Nombre de hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014 Seguimiento de llamadas: dump_stack_lvl+0x57/0x72 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x7f/0x11b kobject_get+0x14/0x90 kobject_add_internal+0x3d1/0x450 kobject_init_and_add+0xba/0xf0 netdev_queue_update_kobjects+0xcf/0x200 netif_set_real_num_tx_queues+0xb4/0x310 veth_set_channels+0x1c3/0x550 ethnl_set_channels+0x524/ 0x610"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.87","matchCriteriaId":"CF5B2E11-44A8-4C67-B99B-14BA2E16E8D9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.8","matchCriteriaId":"6664ACE2-F748-4AE5-B98B-58803B0B2C3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*","matchCriteriaId":"357AA433-37E8-4323-BFB2-3038D6E4B414"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*","matchCriteriaId":"A73429BA-C2D9-4D0C-A75F-06A1CA8B3983"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*","matchCriteriaId":"F621B5E3-E99D-49E7-90B9-EC3B77C95383"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*","matchCriteriaId":"F7BFDCAA-1650-49AA-8462-407DD593F94F"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7c26da3be1e9843a15b5318f90db8a564479d2ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cfd719f04267108f5f5bf802b9d7de69e99a99f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dde91ccfa25fd58f64c397d91b81a4b393100ffa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c26da3be1e9843a15b5318f90db8a564479d2ac","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cfd719f04267108f5f5bf802b9d7de69e99a99f9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dde91ccfa25fd58f64c397d91b81a4b393100ffa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}