The Linux kernel is the core of the Linux operating system and manages the system's resources, processes, memory, and, in large part, its security boundaries. CVE-2021-46915 covers a fix in the kernel's netfilter subsystem, specifically the nft_limit expression of nf_tables. This article covers the details of the vulnerability, the code involved, and how it could be triggered.

The vulnerability

The bug is a divide error in nft_limit_init(), the function that sets up a limit expression when an nf_tables rule is added. The original code computed the token bucket with div_u64(), which divides a u64 by a u32. nft_limit_init() needs to divide a u64 (the unit in nanoseconds) by another u64 (the rate supplied over netlink), so passing the rate to div_u64() silently truncates it to its low 32 bits. A rate such as 2^32 passes the function's existing rate == 0 check but truncates to a zero divisor, and the CPU raises a divide exception that oopses the kernel. The correct helper for a u64-by-u64 division is div64_u64(). The crash was reported by syzbot on a KASAN-instrumented kernel ("divide error: 0000 [#1] PREEMPT SMP KASAN"); the divide error itself is a CPU exception rather than something KASAN detects.

The frames of the reported oops that point at the bug (the code itself is in nft_limit_init() in net/netfilter/nft_limit.c, line 85 of the pre-fix source):

RIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]
RIP: 0010:div_u64 include/linux/math64.h:127 [inline]
RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85

References

1. Linux Kernel Mailing List (LKML) discussion
2. CVE-2021-46915 in the National Vulnerability Database

Exploit details

nft_limit_init() runs when a rule containing a limit expression is added through the nf_tables netlink interface, not when packets are processed, so this bug is not triggered by crafted network traffic. Triggering it means adding a rule whose 64-bit rate has all-zero low 32 bits (for example 2^32): the value passes the rate == 0 check, div_u64() truncates it to a zero divisor, and the kernel takes a divide error. The result is a kernel oops, i.e. a denial of service, not code execution. Adding nf_tables rules requires CAP_NET_ADMIN in the relevant network namespace, which on systems where unprivileged user namespaces are enabled an otherwise unprivileged local user can obtain, so the bug should not be dismissed as root-only.

The fix replaces div_u64() with div64_u64() in both token computations of nft_limit_init(), so the 64-bit rate is used as the divisor in full instead of being truncated to 32 bits, as the code originally intended.
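
The following userland program is an added example and not code from the kernel or from the original article. It re-implements the two kernel helpers with their real parameter types (div_u64_like and div64_u64_like are simplified stand-ins for the kernel's div_u64() and div64_u64()) and reproduces the token computation of nft_limit_init() for a packet-based limit with constructed inputs. Instead of actually dividing by zero, tokens_pre_fix() reports when the truncated divisor would be zero, which is exactly the point at which the kernel crashes; it also shows that rates just above 2^32 do not crash but yield a wildly wrong token count.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Kernel-style fixed-width names, so the code reads like nft_limit.c. */
typedef uint64_t u64;
typedef uint32_t u32;

#define NSEC_PER_SEC 1000000000ULL

/* Userland stand-in for the kernel's div_u64(): note the u32 divisor.
 * Passing a u64 rate here silently keeps only its low 32 bits. */
static u64 div_u64_like(u64 dividend, u32 divisor)
{
	return dividend / divisor;
}

/* Userland stand-in for div64_u64(): u64 / u64, nothing is truncated. */
static u64 div64_u64_like(u64 dividend, u64 divisor)
{
	return dividend / divisor;
}

/* What div_u64() actually divides by once a u64 rate is converted to its
 * u32 parameter. Zero here is where the kernel takes the divide error. */
static u32 truncated_divisor(u64 rate)
{
	return (u32)rate;
}

/* Pre-fix token computation for a packet-based limit:
 *   tokens = div_u64(nsecs, rate) * burst
 * If the truncated divisor would be zero, report it through *div_zero and
 * skip the division. The kernel had no such guard, which is the bug. */
static u64 tokens_pre_fix(u64 nsecs, u64 rate, u64 burst, int *div_zero)
{
	u32 d = truncated_divisor(rate);

	if (d == 0) {
		*div_zero = 1;
		return 0;
	}
	*div_zero = 0;
	return div_u64_like(nsecs, d) * burst;
}

/* Fixed computation: div64_u64() keeps the full 64-bit rate. */
static u64 tokens_fixed(u64 nsecs, u64 rate, u64 burst)
{
	return div64_u64_like(nsecs, rate) * burst;
}

int main(void)
{
	/* Constructed inputs: unit = 1 s, burst = 5, and a set of rates that
	 * all pass nft_limit_init()'s "rate == 0" check. */
	const u64 nsecs = 1 * NSEC_PER_SEC;
	const u64 burst = 5;
	const u64 rates[] = { 10, 0xffffffffULL, 1ULL << 32, (1ULL << 32) + 7 };
	size_t i;

	for (i = 0; i < sizeof(rates) / sizeof(rates[0]); i++) {
		int div_zero;
		u64 old = tokens_pre_fix(nsecs, rates[i], burst, &div_zero);
		u64 fixed = tokens_fixed(nsecs, rates[i], burst);

		printf("rate=0x%" PRIx64 " truncated=0x%" PRIx32 " ",
		       rates[i], truncated_divisor(rates[i]));
		if (div_zero)
			printf("div_u64: DIVIDE ERROR  ");
		else
			printf("div_u64: %" PRIu64 "  ", old);
		printf("div64_u64: %" PRIu64 "\n", fixed);
	}
	return 0;
}
```

Rates below 2^32 behave identically with either helper. A rate of exactly 2^32 is the crashing case: it is non-zero as a u64, so the overflow check accepts it, but the u32 divisor is 0. A rate of 2^32 + 7 does not crash but is divided as if it were 7, handing the rule a token bucket far larger than requested; the fixed code returns 0 tokens for both large rates, which is the correct result for a rate above one packet per nanosecond.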

Linux kernel users should keep their systems current with distribution kernel updates. Upgrading to a kernel that contains the fix (div64_u64() in nft_limit_init()) removes this crash; until then, restricting who can create network namespaces or manage nf_tables rules limits who can trigger it.

Timeline

Published on: 02/27/2024 07:15:08 UTC
Last modified on: 04/10/2024 13:55:34 UTC