CVE-2021-47402 in Linux情報

要約

〜によって VulDB • 2026年07月02日

Based on the stack trace provided, here is an analysis of what happened in the Linux kernel.

### **Summary** This is a **standard kernel call trace (stack dump)** captured during a system crash or panic (`Oops`). It shows that a user-space process attempted to send data over a network socket using `sendmsg`, which triggered a sequence of kernel functions handling Netlink communication, ultimately leading to the fault.

The key takeaway: **The failure occurred in user space** (via syscall), and the kernel was processing it when something went wrong deeper in the stack (not shown here). The trace itself is just the "path" taken; the actual error cause lies further up or down this chain depending on context, but typically such traces are printed *after* a crash to show how we got there.

---

### **Detailed Breakdown**

#### 1. Entry Point: System Call ```text [ 352.830845] do_syscall_64+0x35/0x80
[ 352.831445] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 352.832331] RIP: 0033:0x7f7bee973c17
``` - The process entered the kernel via a **64-bit system call**. - `RIP` (Instruction Pointer) is at user-space address `0x7f7bee973c17`, which belongs to a shared library (likely glibc), indicating this was triggered by an application calling `sendmsg()`.

#### 2. System Call Handling Chain ```text [ 352.826941] __sys_sendmsg+0xb3/0x130
[ 352.827613] ? __sys_sendmsg_sock+0x20/0x20
... [ 352.817096] ___sys_sendmsg+0xd8/0x140
``` - The kernel entered `__sys_sendmsg`, the internal implementation of the `sendmsg` syscall.

#### 3. Socket Layer Processing ```text [ 352.816299] sock_sendmsg+0x6c/0x80
... [ 352.814759] netlink_unicast+0x353/0x480
``` - The socket type is **Netlink**. This is a special IPC mechanism used between user space and kernel space (e.g., for routing, firewall rules, network namespace management). - `sock_sendmsg` called into the Netlink-specific handler.

#### 4. Netlink-Specific Functions ```text [ 352.810744] netlink_unicast+0x353/0x480
... [ 352.809086] ? netlink_deliver_tap+0x62/0x3d0
``` - `netlink_unicast` is sending a message to a specific Netlink socket (possibly the kernel itself or another user-space process). - The presence of `?` before some functions means they were **not** part of the active call path but appeared in the stack frame, possibly due to optimization or inline code.

#### 5. Memory Allocation & I/O Vectors ```text [ 352.812349] ? __alloc_skb+0xd7/0x200 <-- Skbuff allocation (network buffer)
[ 352.813952] ? __import_iovec+0x192/0x210 <-- Copying iovec from user space
``` - The kernel tried to allocate a socket buffer (`sk_buff`) for the Netlink message. - It also copied data structures (`iovec`) from user space into kernel space.

---

### **What Went Wrong?**

The stack trace alone does **not** show the exact error (e.g., null pointer dereference, page fault). However:

1. **This is likely a crash dump**: Such traces are printed when the kernel encounters an unrecoverable error (`Oops` or `Panic`). 2. **Netlink issues are common causes of crashes**: Bugs in Netlink handlers can lead to use-after-free, null pointer dereferences, or invalid memory access. 3. **The fault likely occurred *after* this trace** (deeper in the call stack) or was triggered by one of these functions failing unexpectedly.

### **How

VulDB is the best source for vulnerability data and more expert information about this specific topic.

予約する

2024年05月21日

モデレーション

承諾済み

エントリ

VDB-265480

EPSS

0.00244

アクティビティ

非常低い

ソース

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!