In a recent security update, the Linux kernel developers addressed a vulnerability in the Memory Technology Device (MTD) subsystem, tracked as CVE-2021-47055, that could let a process which had only opened an MTD device for reading change its protection state. The issue concerns the locking and badblock ioctls, and it was resolved by requiring that the device file be open for writing before those ioctls are accepted, restoring the expected access control.

The MEMLOCK, MEMUNLOCK, and OTPLOCK ioctls in the MTD subsystem modify the protection bits of a flash device. Because they change device state, they should require write permission so that only a caller permitted to write the device can alter them. Before the patch, however, no such check existed: the ioctls were accepted on a descriptor that had been opened read-only.

Moreover, depending on the underlying hardware, MEMLOCK may be a write-once operation, as on SPI-NOR flash devices whose write-protect pin (WP#) is tied to ground. OTPLOCK is always a write-once operation, so an unauthorized lock cannot be reversed.

The resolution of this vulnerability involved adding appropriate permission checks for the aforementioned ioctls. The following code snippet demonstrates the change made in the affected file to ensure proper write permissions:

@@ -1227,8 +1256,10 @@ static long mtd_ioctl(struct file *file, u_int cmd, u_long arg)
 	case MEMGETBADBLOCK:
 		break;
 	case MEMSETBADBLOCK:
+		if (!(file->f_mode & FMODE_WRITE))
+			return -EBADF;
 		break;
 	case MEMLOCK:
 	case MEMUNLOCK:
 	case OTPLOCK:
+		if (!(file->f_mode & FMODE_WRITE))
+			return -EBADF;
 
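Review bot: the guard `if (!(file->f_mode & FMODE_WRITE)) return -EBADF;` is duplicated verbatim for the MEMSETBADBLOCK case and again for the MEMLOCK/MEMUNLOCK/OTPLOCK group; consider folding the write-requiring commands into a single check near the top of mtd_ioctl() (or a small helper called from both places) so that a state-changing ioctl added to this switch later cannot miss the check. Returning -EBADF is consistent with how a write through a read-only descriptor is reported elsewhere, so callers that opened the device O_RDONLY get a familiar error.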

As the snippet shows, the added lines if (!(file->f_mode & FMODE_WRITE)) return -EBADF; reject the request with EBADF whenever the device file was not opened for writing, so MEMLOCK, MEMUNLOCK, OTPLOCK, and MEMSETBADBLOCK can no longer be issued through a read-only descriptor.
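To make the effect of the check concrete, the following is an added example that models the ioctl permission gate in user space; it is not kernel code and not part of the original patch. The command enum and the MODEL_FMODE_* bits are constructed stand-ins, not the real MTD ioctl numbers or the kernel's FMODE_* values. It generalizes the fix slightly by driving the check from a single table of state-changing commands, and it counts how many of those commands a read-only descriptor can still reach before and after the gate is applied.

```c
/* Added example: user-space model of the permission gate added to mtd_ioctl()
 * for CVE-2021-47055. NOT kernel code; all constants below are constructed
 * for the model and do not match the real ioctl numbers or FMODE_* values. */
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for the MTD ioctl commands discussed in the text. */
enum mtd_cmd {
    MEMGETBADBLOCK,   /* read-only query: allowed on any descriptor */
    MEMSETBADBLOCK,   /* marks a block bad: changes device state */
    MEMLOCK,          /* sets protection bits, possibly write-once */
    MEMUNLOCK,        /* clears protection bits */
    OTPLOCK,          /* always write-once */
    MTD_CMD_COUNT
};

/* Constructed stand-ins for the kernel's file mode bits. */
#define MODEL_FMODE_READ  0x1u
#define MODEL_FMODE_WRITE 0x2u

/* Which commands change device state and therefore need write access.
 * Keeping this in one table (instead of repeating the check per case) means
 * a newly added state-changing command only needs a table entry. */
static const int requires_write[MTD_CMD_COUNT] = {
    [MEMGETBADBLOCK] = 0,
    [MEMSETBADBLOCK] = 1,
    [MEMLOCK]        = 1,
    [MEMUNLOCK]      = 1,
    [OTPLOCK]        = 1,
};

/* Pre-fix behaviour: every known command is dispatched regardless of mode. */
int mtd_gate_unpatched(unsigned int f_mode, int cmd)
{
    (void)f_mode;
    if (cmd < 0 || cmd >= MTD_CMD_COUNT)
        return -ENOTTY;          /* unknown ioctl */
    return 0;                    /* dispatched to the handler */
}

/* Post-fix behaviour: state-changing commands are refused with -EBADF when
 * the descriptor lacks write mode, mirroring the check the patch adds. */
int mtd_gate_patched(unsigned int f_mode, int cmd)
{
    if (cmd < 0 || cmd >= MTD_CMD_COUNT)
        return -ENOTTY;
    if (requires_write[cmd] && !(f_mode & MODEL_FMODE_WRITE))
        return -EBADF;
    return 0;
}

/* Number of state-changing commands a read-only descriptor can still reach
 * through the given gate; 0 means the gate closes the hole completely. */
int count_rdonly_bypasses(int (*gate)(unsigned int, int))
{
    int n = 0;
    for (int c = 0; c < MTD_CMD_COUNT; c++)
        if (requires_write[c] && gate(MODEL_FMODE_READ, c) == 0)
            n++;
    return n;
}

int main(void)
{
    static const char *names[MTD_CMD_COUNT] = {
        "MEMGETBADBLOCK", "MEMSETBADBLOCK", "MEMLOCK", "MEMUNLOCK", "OTPLOCK"
    };
    /* Result for each command when the device was opened read-only. */
    printf("%-15s %-10s %-10s\n", "command", "unpatched", "patched");
    for (int c = 0; c < MTD_CMD_COUNT; c++)
        printf("%-15s %-10d %-10d\n", names[c],
               mtd_gate_unpatched(MODEL_FMODE_READ, c),
               mtd_gate_patched(MODEL_FMODE_READ, c));
    printf("read-only bypasses: unpatched=%d patched=%d\n",
           count_rdonly_bypasses(mtd_gate_unpatched),
           count_rdonly_bypasses(mtd_gate_patched));
    return 0;
}
```

The table-driven form is a design choice for the model, not a claim about how the kernel implements it: it makes the set of write-requiring commands visible in one place, which is what a reviewer checks when a new ioctl is added to the switch.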

For more details on the vulnerability and the changes made to resolve it, you can refer to the original patch submission and the related commit in the Linux kernel source repository.

In summary, CVE-2021-47055 is a potentially serious vulnerability in the Linux kernel's MTD subsystem. By enforcing proper write permissions for the locking and badblock ioctls, the vulnerability has been effectively mitigated. Users and administrators are advised to apply the necessary kernel updates to ensure that their systems are protected against any potential exploitation of this flaw.

Timeline

Published on: 02/29/2024 23:15:07 UTC
Last modified on: 03/01/2024 14:04:26 UTC