A vulnerability in the Linux kernel (CVE-2021-46960) has been resolved. It concerned the cifs kernel module and the handling of the error code returned by the smb2_get_enc_key function. The bug surfaced as a kernel warning, preceded by the following log message:

[440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key
[440700.386947] ------------[ cut here ]------------
[440700.386948] err = 1

Returning an incorrect code could lead to improper encryption key usage and disrupt the operation of the system. This article gives an overview of the issue, the relevant code snippet, and links to the original references for additional context.

Exploit Details

The issue tracked as CVE-2021-46960 lies in the Common Internet File System (CIFS) kernel module, in the smb2_get_enc_key function. When the encryption key cannot be retrieved, the function reported the failure with the positive value 1 instead of the negative errno code its callers expect; the "err = 1" in the log message above is that value being propagated.

Once aware of the incorrect error code, an attacker may exploit this vulnerability to force improper encryption key usage, potentially causing service disruption or data corruption.

Code Snippet

The relevant code is in the smb2_get_enc_key function, which retrieves the encryption key for CIFS messages. The fix changes the function so that it returns a proper error code when the encryption key cannot be retrieved.

// Previous code
if (ENC_KEY_SIZE != enc_key->len) {
    cERROR(1, "Encryption Key of incorrect size");
    return 1; // positive value: callers expect 0 on success or a negative errno on failure
}

// Modified code
if (ENC_KEY_SIZE != enc_key->len) {
    cERROR(1, "Encryption Key of incorrect size");
    return -EIO; // negative errno, as callers expect
}
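To make the convention concrete, here is an added example (constructed for this article, not the kernel's code) that models the session key lookup with both the buggy positive return and the fixed negative errno, together with a caller that, like the kernel, refuses to propagate a status outside the 0 / -errno convention. The session ids, key bytes, MAX_ERRNO and the -EINVAL stand-in for the kernel warning are assumptions of the model; ENC_KEY_SIZE and -EIO follow the snippet above.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the CIFS session/key lookup, not kernel code.
 * ENC_KEY_SIZE and the -EIO value follow the snippet above. */
#define ENC_KEY_SIZE 16
#define MAX_ERRNO    4095  /* largest errno the kernel packs into a return value */

struct session {
    uint64_t suid;                  /* session id the caller looks up */
    uint8_t  enc_key[ENC_KEY_SIZE]; /* per-session encryption key */
};

/* Constructed sample data: session 0x1001 exists, any other id does not. */
static const struct session sample_sessions[] = {
    { 0x1001, { 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8,
                0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0 } },
};

/* Shared lookup; miss_rc is what to report when no session matches. */
static int lookup_key(uint64_t suid, uint8_t *key, int miss_rc)
{
    for (size_t i = 0; i < sizeof sample_sessions / sizeof sample_sessions[0]; i++) {
        if (sample_sessions[i].suid == suid) {
            memcpy(key, sample_sessions[i].enc_key, ENC_KEY_SIZE);
            return 0;
        }
    }
    return miss_rc;
}
/* Before the fix: a miss is reported as the positive value 1. */
int get_enc_key_buggy(uint64_t suid, uint8_t *key) { return lookup_key(suid, key, 1); }
/* After the fix: a miss is reported as a negative errno. */
int get_enc_key_fixed(uint64_t suid, uint8_t *key) { return lookup_key(suid, key, -EIO); }

/* Kernel convention: 0 on success, otherwise -errno in [-MAX_ERRNO, -1].
 * The "err = 1" in the log above is a value that fails this check. */
bool is_valid_kernel_rc(int rc) { return rc == 0 || (rc < 0 && rc >= -MAX_ERRNO); }

/* Caller in the style of crypt_message(): the key is used only when rc == 0,
 * and a status that breaks the convention becomes -EINVAL, the model's
 * stand-in for the kernel warning quoted above. */
int crypt_message_model(int (*get_key)(uint64_t, uint8_t *), uint64_t suid)
{
    uint8_t key[ENC_KEY_SIZE];
    int rc = get_key(suid, key);
    return is_valid_kernel_rc(rc) ? rc : -EINVAL;
}
```

With the buggy lookup a miss is rejected by the caller's sanity check, while the fixed lookup lets the real -EIO reach the caller, which is exactly the difference the patch makes.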

For a more in-depth analysis and understanding of the issue, you can review the original references for CVE-2021-46960 listed below:

1. Linux Kernel Announcement - CVE-2021-46960 Reference
2. National Vulnerability Database - CVE-2021-46960 Details
3. Red Hat Security Advisory - CVE-2021-46960 Technical Details
4. Ubuntu Security Advisory - CVE-2021-46960 Fix Released

Conclusion

The Linux kernel vulnerability CVE-2021-46960, caused by incorrect error code handling in the CIFS module, has been resolved. The modified code ensures that smb2_get_enc_key returns a proper error code. System administrators should apply the relevant patches and updates to affected systems to mitigate potential exploitation of the vulnerability.

Timeline

Published on: 02/27/2024 19:04:06 UTC
Last modified on: 02/28/2024 14:06:45 UTC